An anonymous reader quotes the CNN post: Twitter has serious security problems that pose a threat to its own users’ personal information, the company’s shareholders, national security and democracy, according to an explosive whistleblower report obtained exclusively by CNN and The Washington Post. The disclosures, sent last month to Congress and federal agencies, paint a picture of a chaotic and reckless environment at a poorly managed company that allowed too many of its employees to access central platform controls and the most sensitive information without proper oversight. It also alleges that some of the company’s top executives tried to cover up serious Twitter vulnerabilities and that one or more current employees may be working for a foreign intelligence service.
The whistleblower, who agreed to be publicly identified, is Peiter “Mudge” Zatko, who was previously the company’s head of security and reported directly to the CEO. Zatko further alleges that Twitter management misled its own board and government regulators about security weaknesses, including some that allegedly could open the door to foreign espionage or manipulation, hacking and disinformation campaigns. The whistleblower also claims that Twitter doesn’t reliably delete users’ data after they cancel their accounts, in some cases because the company lost track of the information, and that it misled regulators about whether it was deleting data as required. The whistleblower also says that Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and haven’t had the motivation to do so. Bots have recently become central to Elon Musk’s attempts to back out of a $44 billion deal to buy the company (though Twitter has denied Musk’s claims).
Zatko was fired by Twitter in January for what the company says was poor performance. According to Zatko, his public announcement came after he tried to tell Twitter’s board about the security flaws and help Twitter fix years of technical flaws and an alleged breach of an earlier confidentiality agreement with the Federal Trade Commission. Zatko is represented by Whistleblower Aid, the same group that represented Facebook whistleblower Frances Haugen. John Tye, founder of Whistleblower Aid and Zatko’s attorney, told CNN that Zatko had no contact with Musk and said Zatko began the whistleblower process before there was any indication of Musk’s involvement with Twitter. After this article was originally published, Alex Spiro, a lawyer for Musk, told CNN: “We have already issued a subpoena for Mr. Zatko and found his departure and the departure of other key employees to be of interest in light of what we found.” “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” a Twitter spokesperson said. “What we’ve seen so far is a false narrative about Twitter and our privacy practices and data security, which is rife with inconsistencies and inaccuracies and devoid of important context. Mr. Zatko’s allegations and opportunistic timing appear designed to attract attention and harm Twitter, its customers and shareholders. Security and privacy have long been company-wide priorities at Twitter and will remain so.”
Zatko also alleges that the Indian government forced Twitter to put a government agent on its payroll, giving them access to sensitive user data. “Twitter is embroiled in a lawsuit against India’s government after it asked a local court in July to overturn some government orders to remove content from the social media platform and alleged abuses of official authority,” Reuters added.