Twitter is facing a whistleblower complaint that claims the company is trying to cover up major security problems.
The complaint comes from Peiter "Mudge" Zatko, a highly regarded hacker who previously worked as Twitter's head of security before he was fired six months ago. Last month, Zatko sent whistleblower disclosures to Congress and federal agencies, which both CNN and The Washington Post obtained.
Zatko was originally hired in 2020 to help bolster security at the social media company, including how to stop misinformation from circulating over the platform. What he found was that Twitter allows around 5,000 employees access to sensitive control systems and user data, and does so with virtually no monitoring.
“In 2020 alone, Twitter had more than 40 security incidents, 70% of which were access control-related. These included 20 incidents defined as breaches; all but two of which were access control related,” the complaint claims.
In addition, Zatko “became aware of multiple episodes suggesting that Twitter had been penetrated by foreign intelligence agencies and/or was complicit in threats to democratic governance.” This included how Twitter allegedly hired a suspected Indian government agent as an employee, who then had access to the platform’s internal data.
Zatko claims he tried to address the security problems at Twitter, but he faced resistance from Twitter’s new CEO, Parag Agrawal, who took over for Jack Dorsey last November. According to the complaint, Agrawal instructed Zatko to supply misleading and false information to a Twitter board committee about the security issues facing the company.
The conduct amounted to Twitter repeatedly