Twitter’s former head of security has accused the social media giant of misleading federal regulators and the company’s own board about “extreme, egregious deficiencies” in its security protocols as well as its ability to combat spam accounts, according to a bombshell whistleblower complaint obtained by the Washington Post and CNN and published Tuesday.
In the complaint, filed last month with the Securities and Exchange Commission, former Twitter exec Peiter Zatko argues that Twitter’s security lapses pose a threat to users’ personal information as well as national security. Zatko, who reported directly to Twitter’s CEO before he was fired in January, also alleges that the company broke the terms of a 2011 settlement with the Federal Trade Commission promising that it had a locktight security protocol.
Zatko also claimed that Twitter prioritized user growth over combating spam accounts, according to his complaint, even offering up to $10 million in executive bonuses for increasing daily users with no similar incentives for reducing spam accounts.
That allegation will be of particular interest to Elon Musk, who is seeking to extricate himself from a $44 billion deal to buy the company, in part over what he claims is a lack of visibility into the number of spam and bot accounts on the platform. (Twitter has denied Musk’s claims.)
“We have already issued a subpoena for Mr. Zatko,” Musk attorney Alex Spiro told CNN on Tuesday morning, “and we found his exit and that of other key employees curious in light of what we have been finding.”
In a statement to CNN, a Twitter spokesperson disputed some of Zatko’s allegations and said that security and privacy both remain longtime priorities for the company. “Mr. Zatko was fired from his senior executive role at Twitter for poor performance and ineffective leadership over six months ago,” the rep said. “While we haven’t had access to the specific allegations being referenced, what we’ve seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context.”
Zatko had harsh words for Parag Agrawal, the chief technology officer who replaced founder Jack Dorsey as CEO last November, and whom he accused of “lying” in a May tweet claiming that the company was “strongly incentivized to detect and remove as much spam as we possibly can,” according to the Post’s account of the complaint. He also alleges that he was fired as retaliation for his attempts to raise internal alarms about what he felt were serious security lapses.