Twitter Whistleblower Alleges Grave Security Failings, Claims Risk to Democracy

Peiter Zatko has also accused the company of failing to calculate the number of bots on the platform.

Edited By: Tejas Harad

In a major disclosure on Tuesday, 23 August, former Twitter employee, renowned cybersecurity expert, and now a whistleblower, Peiter “Mudge” Zatko alleged grave security malpractices at the company, as well as its failure to calculate the number of bots on the platform.

These failings pose a risk to national security and democracy, he claimed, CNN reported.

Among the disclosures made by the erstwhile employee, one refers to the involvement of foreign government agents, namely agents of the Indian government, in acquiring sensitive data through the platform.

In an interview with the news organisation, Zatko, who was fired by Twitter in January, claimed that he joined the platform because he believes it to be a “critical resource” for people, but was left disillusioned by CEO Parag Agrawal's refusal to address its shortcomings.

"This would never be my first step, but I believe I am still fulfilling my obligation to Jack and to users of the platform," he told The Washington Post.

Last month, in a 200-page complaint to the Securities and Exchange Commission (SEC), he accused the company of misleading shareholders, and violating prescribed security standards.


The Key Disclosures

These are some of the key accusations made by Zatko:

  • Nearly half of Twitter’s 7,000 or so full-time employees have unmonitored access to users’ sensitive personal data (such as phone numbers and addresses) and to the internal workings of its software.

  • The platform employs a misleading method to calculate the number of bots, fake accounts, or spam. "Executives are incentivized (with bonuses of up to $10 million) to boost user counts rather than remove spam bots," the complaint alleges.

  • As Twitter is a critical tool for mass organisation and disseminating news, Zatko said he believes the company is under pressure from the Indian government, which has forced it to hire an agent with “access to vast amounts of Twitter sensitive data.”

  • The complaint also notes that the platform has, on past occasions, failed to delete users’ data upon request, since such records are spread too widely among internal systems to be properly tracked.

'Riddled With Inaccuracies': Twitter's Response

The tech company, meanwhile, has denied the allegations and said that Zatko's account is "riddled with inconsistencies and inaccuracies, and lacks important context."

In a statement to CNN, a Twitter spokesperson said, "Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and we still have a lot of work ahead of us."

The controversy also comes at a time when Twitter is embroiled in a legal battle with Elon Musk, and is likely to propel Musk's arguments against the firm.

Elon Musk had in July backed out of his $44 billion deal to buy Twitter and had alleged that the company defrauded him by concealing the number of fake accounts in its regulatory filings.

(With inputs from CNN and The Verge.)
