Ex-security chief alleges Twitter hid flaws in personal data protection

NEW YORK — Twitter misled users and federal regulators about glaring weaknesses in its ability to protect personal data, the platform’s former security chief claims in whistleblower testimony likely to impact the company’s bitter legal battle over Elon Musk’s takeover bid.
In a complaint filed with the US Securities and Exchange Commission and published in part today by The Washington Post and CNN, Peiter Zatko also accuses Twitter of significantly underestimating the number of automated bots on the platform — a key element in Musk’s argument for withdrawing his $44 billion buyout deal.
CNN quotes the disclosure by Zatko as accusing Twitter of “negligence, willful ignorance, and threats to national security and democracy.”
Zatko, who Twitter says it fired earlier this year for poor performance, warns of obsolete servers, software vulnerable to computer attacks and executives seeking to hide the number of hacking attempts, both to US authorities and to the company’s board of directors.
The hacker-turned-executive, who goes by the nickname “Mudge,” also claims that Twitter prioritizes growing its user base over fighting spam and bots, according to the reports.
In particular, according to The Washington Post, he accuses the platform’s boss Parag Agrawal of “lying” in a tweet in May.
In the tweet, Agrawal says Twitter is “strongly incentivized to detect and remove as much spam as we possibly can.”
Twitter has dismissed the allegations.
A company spokesperson tells AFP that Zatko was fired in January this year for “ineffective leadership and poor performance.”
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” the spokesperson says in a statement.
The “opportunistic timing” of the allegations appears “designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” the statement continues.
“Security and privacy have long been company-wide priorities at Twitter and will continue to be.”