A complaint by Twitter’s former head of security, which alleges the social media company mishandled users’ personal data, will have far-reaching implications for the business.
US lawmakers have vowed to investigate and the legal team of Elon Musk, who is seeking to back out of a deal to buy Twitter, has been emboldened by the claims. Shares of Twitter fell 5% on Tuesday, the biggest intraday drop in more than a month.
According to a copy of the complaint, former CEO Peiter Zatko alleged “glaring deficiencies” in Twitter’s defenses against hackers and other lax security approaches. Zatko said he warned colleagues that some of Twitter’s servers were running outdated software and that executives were hiding information about breaches and a lack of user data protection.
House officials confirmed the whistleblower complaint in a joint statement by Frank Pallone and Cathy McMorris Rodgers, the top Democrat and Republican on the House panel that received the report. “The Committee on Energy and Commerce is actively reviewing the information about the Twitter whistleblower and evaluating next steps,” they wrote. “There are still many unknowns and questions to be answered. Many of these allegations, if true, are alarming and reaffirm the need for Congress to enact comprehensive national consumer privacy legislation to protect Americans’ online data.”
Thousands of employees also had access to the company’s core software, which the report said led to high-level users being hacked. The Washington Post, which first reported the complaint along with CNN, said it had been sent to the US Securities and Exchange Commission, the Justice Department and the Federal Trade Commission. The Justice Department and the FTC declined to comment. The SEC did not immediately respond to a request.
The whistleblower’s document also claimed that Twitter prioritized growth over reducing the number of spam accounts, offering executives cash bonuses of up to $10 million for increasing the number of daily users. Spam and “bots” on Twitter have become a key point of conflict between the company and Musk. Musk’s lawyers also said Tuesday that they had issued a subpoena for Zatko to testify in court. Legal experts said Zatko’s complaint supports Musk’s case.
Twitter pushed back. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is rife with inconsistencies and inaccuracies and lacks important context,” a Twitter spokesperson said when reached for comment. “Zatko’s allegations and the opportune timing appear designed to attract attention and harm Twitter, its customers and shareholders. Security and privacy have long been company-wide priorities at Twitter and will remain so.”
Twitter said Zatko was fired in January for “ineffective leadership and poor performance.” Zatko could not be reached for comment. Whistleblower Aid, which represents him, said in an emailed statement that Zatko and the group could not comment, citing legal obligations.
Musk linked to the claims via Twitter, with an image of Pinocchio character Jiminy Cricket saying “whistle a little,” a line from his signature song about listening to your conscience.
If Zatko’s claims are upheld, Twitter would be in violation of a 2011 settlement with the FTC. Members of the Senate Judiciary and Intelligence Committees said the report contained serious claims that could affect user privacy and national security.
The nascent investigation echoes a congressional investigation into whistleblower allegations against Facebook, which is owned by Meta Platforms, which was first reported by the Wall Street Journal last year. Meta has lost more than half of its market value since the complaint was published, and earnings reports show that Facebook’s US user base has plateaued.
Twitter has largely escaped the wrath of lawmakers this Congress, who have subpoenaed representatives of Meta-owned TikTok, Snap and Instagram. But on Tuesday, Chief Justice Dick Durbin said the reports were “deeply troubling” and he vowed to “continue to investigate this matter and take any further action necessary to investigate these disturbing allegations.”
“If true, these allegations could reveal dangerous data privacy and security risks for Twitter users around the world,” said Durbin, D-Illinois.
Iowa Sen. Chuck Grassley, the ranking Republican on the Senate Judiciary Committee, is one of the lawmakers who reviewed the complaint and is working with Zatko. Grassley said the whistleblower’s claims “raise serious national security concerns as well as privacy concerns and should be investigated further.” The Senate Intelligence Committee is also looking into Zatko’s claims, spokeswoman Rachel Cohen said.
Florida Sen. Marco Rubio, the top Republican on the Intelligence Committee, said he and his colleagues are “taking the complaint with the seriousness it deserves and look forward to hearing more information.”
“Twitter has a long track record of making very bad decisions on everything from censorship to security practices,” Rubio said in a statement. “This is of great concern given the company’s ability to influence national discourse and global events.”
Twitter’s 2011 settlement with the FTC barred the company for 20 years from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic information about consumers.” The agreement stems from a 2009 hack of the social media platform that allowed attackers to send fake messages from any account, among other problems.
In May, Twitter paid the FTC $150 million for misusing users’ phone numbers collected for security purposes to target ads. Using the phone numbers that way violated the social media company’s 2011 consent decree, in which it agreed to better protect users’ personal data.
Zatko’s complaint alleges further violations of the 2011 settlement, which could lead to possible additional fines against Twitter. A federal judge accepted the $150 million settlement in May, but the FTC could reopen the case or file another complaint.
In his complaint, Zatko alleges that Twitter’s sales force continues to misuse phone numbers collected for security purposes to target ads, that the data of users who have deactivated their accounts is not properly deleted and that executives misrepresented the company’s privacy information to the FTC.
His complaint also alleged that Twitter did not adequately monitor potential insider threats and did not take remedial action when necessary. Earlier this month, a former Twitter employee was convicted of spying for Saudi Arabia by using his access to obtain personal information about government critics.
— Brody Ford, Anna Edgerton and Leah Nylen, (c) 2022 Bloomberg LP