Former Twitter security chief accuses the platform of lying for years

[Image caption: Twitter has been lying about its security for years]

For millions of users around the world, Twitter is the best social network on the Internet: a public square where everyone publishes what they think without too many filters, as well as an excellent place to get informed, circumvent censorship in many countries and organize protests.

However, what if we told you that Twitter has lied to all of us for years? That is the claim of its former head of security, who has brought the controversy around the platform into the open. Twitter has hidden negligent practices for years, but how serious are they? Read on to find out.

Twitter does not fix its security problems, even if it says otherwise

Well-known hacker Peiter “Mudge” Zatko, Twitter’s former security chief, has accused the platform of misleading users and regulators for years. Weeks ago, Zatko filed a complaint with the United States Securities and Exchange Commission (SEC) accusing Twitter of violating an agreement it made with the Federal Trade Commission (FTC) to maintain certain security standards.

The document is over 200 pages long and was recently leaked; both CNN and The Washington Post have published summaries of it. It contains numerous accusations against Twitter, but these are the most significant and worrying:

  • Indiscriminate access to personal data: According to Zatko, more than half of Twitter’s roughly 7,000 full-time employees have access to critical systems on the platform. These people can reach sensitive data (such as phone numbers) and software capable of changing how the platform operates. Worse, that access is not closely monitored.
  • Too many copies of the Twitter source code: Thousands of computers (mainly laptops) hold complete copies of the source code, a serious security risk should any one of them fall into the wrong hands.
  • Data not deleted: Twitter may not have deleted the data of many users who requested it. Zatko points out that this data is scattered across so many of the platform’s systems that tracking all of it down is very difficult.
  • Twitter turns a blind eye to bots: The company claims that less than 5% of its daily active users are bots, fake or spam accounts. However, Zatko claims that the measurement method is misleading and that some executives receive up to 10 million dollars in bonuses for growing the user count, rather than for eliminating bots.
  • Misleading the FTC and users: In 2010, the FTC investigated Twitter for failing to adequately protect users’ personal information. Twitter reached an agreement in which it promised to fix this, but for years it has made “false and misleading statements” about its progress.
  • Government agents on Twitter: Because the platform is such a powerful tool for dissent, some governments have sought to place their own people inside it. In fact, Zatko believes that the Indian government forced Twitter to hire a government agent with access to vast amounts of data.
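The first bullet is, in practice, a failed least-privilege review: when more than half the company can reach production data stores, nobody is asking whether each entitlement is justified by the holder’s role or whether it is still being used. The script below is an added example, not code from the article or from Twitter. It runs a role-based entitlement review over a constructed directory export: the employee roster, role names, system names and the 90-day staleness window are all assumptions chosen for illustration.

```python
"""Least-privilege entitlement review over a constructed access export.

Added example; not code from the article or from Twitter. Roster, roles,
systems and the 90-day window are assumptions for illustration only.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Systems whose access should be rare: production user data and deploy tooling.
SENSITIVE_SYSTEMS = {"prod-userdb", "prod-deploy", "pii-export"}

# Roles with a job-related need for each sensitive system (assumed policy).
ALLOWED_ROLES = {
    "prod-userdb": {"sre", "dba"},
    "prod-deploy": {"sre", "release-eng"},
    "pii-export": {"privacy-eng"},
}

# Access that has not been exercised for this long is flagged for removal.
STALE_AFTER = timedelta(days=90)


@dataclass(frozen=True)
class Entitlement:
    user: str
    role: str
    system: str
    last_used: Optional[date]  # None means the grant has never been used


def review(entitlements: List[Entitlement], today: date) -> List[Tuple[str, str, str]]:
    """Return (user, system, reason) for every grant that violates the policy.

    A grant is flagged if the holder's role has no need for the system, or if
    the role is allowed but the grant has gone unused beyond STALE_AFTER.
    """
    findings = []
    for e in entitlements:
        if e.system not in SENSITIVE_SYSTEMS:
            continue
        if e.role not in ALLOWED_ROLES[e.system]:
            findings.append((e.user, e.system, "role has no need for this system"))
        elif e.last_used is None or today - e.last_used > STALE_AFTER:
            findings.append((e.user, e.system, "unused for more than 90 days"))
    return findings


def sensitive_access_share(entitlements: List[Entitlement], headcount: int) -> float:
    """Fraction of staff holding at least one grant on a sensitive system."""
    holders = {e.user for e in entitlements if e.system in SENSITIVE_SYSTEMS}
    return len(holders) / headcount


def revocation_list(findings: List[Tuple[str, str, str]]) -> Dict[str, Set[str]]:
    """Group findings into a per-user set of systems to revoke."""
    todo: Dict[str, Set[str]] = {}
    for user, system, _reason in findings:
        todo.setdefault(user, set()).add(system)
    return todo


# Constructed sample export (not real data). Headcount is assumed to be 10.
TODAY = date(2022, 8, 24)
HEADCOUNT = 10
SAMPLE = [
    Entitlement("alice", "sre", "prod-userdb", date(2022, 8, 20)),      # justified, active
    Entitlement("bob", "marketing", "prod-userdb", date(2022, 8, 1)),   # wrong role
    Entitlement("carol", "release-eng", "prod-deploy", date(2022, 3, 1)),  # stale
    Entitlement("dave", "sre", "prod-deploy", None),                     # never used
    Entitlement("erin", "support", "wiki", date(2022, 8, 23)),           # not sensitive
    Entitlement("frank", "privacy-eng", "pii-export", date(2022, 8, 22)),  # justified
    Entitlement("bob", "marketing", "pii-export", date(2022, 8, 21)),    # wrong role
]

if __name__ == "__main__":
    findings = review(SAMPLE, TODAY)
    print(f"{sensitive_access_share(SAMPLE, HEADCOUNT):.0%} of staff hold sensitive access")
    for user, system, reason in findings:
        print(f"REVOKE {user} on {system}: {reason}")
```

Run against the constructed sample, half the staff hold sensitive access and four of the seven grants are flagged, two because the role has no need for the system and two because the access has gone unused. The share is the headline number a regulator would ask about; the revocation list is what the on-call team actually works through.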

Zatko joined Twitter to fix its security problems, and left for the same reason

[Image caption: former Twitter security chief files a complaint against the platform]

Now, you may be wondering why Peiter Zatko is making these claims. Zatko was fired from Twitter in January and says it was for refusing to stay silent about the platform’s security problems.

The hacker joined Twitter in 2020 at the request of then-CEO Jack Dorsey, after the service suffered a massive hack that compromised the accounts of very prominent people (such as Barack Obama and Bill Gates). According to Zatko, he accepted the offer because he believes Twitter is too important a resource for the world, and because Dorsey genuinely wanted to make it more secure.

However, things began to change when Parag Agrawal took over as CEO. The new CEO refused to address Twitter’s security problems, and Zatko was not willing to keep quiet about them. This is what the former security chief told The Washington Post when asked about his new role as a whistleblower:

“This would never have been my first step (the complaint), but I believe that I am still fulfilling my obligation to Jack and to the users of the platform. I want to finish the job that Jack brought me here for, which is to improve the service.”

Twitter responds to the accusations and points to Zatko

[Image caption: Twitter could be fined over the security complaint]

In response to the allegations, a Twitter spokesperson said the former security chief was sensationalizing and selectively presenting information. The statement read:

“Mr. Zatko was terminated from his senior executive position at Twitter over 6 months ago for poor performance and ineffective leadership. While we have not had access to the specific allegations he references, what we have seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, as well as lacking in context. Mr. Zatko’s accusations and opportunistic timing seem designed to grab attention and inflict damage on Twitter, its customers and shareholders. Security and privacy have long been priorities at the company and we still have a lot of work ahead of us.”

We still don’t know what will happen to Twitter after all this, but the FTC and SEC are reviewing the complaint right now. If even some of these allegations are confirmed, though, Twitter will very likely face fines, and the fallout could drag down the value of its shares on the stock market.

Lastly, this imbroglio could hand ammunition to Elon Musk, who is trying to extricate himself from a $44 billion deal to buy Twitter. Musk justifies walking away by claiming that the platform is lying about the number of bots and spam accounts on the network, which is just one of Zatko’s allegations. We don’t know whether this will help Musk legally in the end, but it will certainly win him support in the court of public opinion.