Special Report: Former Security Chief Alleges Massive Security Failures and Fraud at Twitter

Allegations include widespread vulnerabilities, violation of FTC settlement, poor internal access to software, prioritizing growth over spam, foreign agents on payroll, cluelessness about bots, more

Photo by Alexander Shatov on Unsplash

A blockbuster complaint filed at the Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission by the former head of security at Twitter, Peiter Zatko, a widely admired hacker known as “Mudge,” alleges that Twitter executives deceived federal regulators and the company’s board of directors about “extreme, egregious deficiencies” in its defenses against hackers, including some that could allegedly open the door to foreign spying or manipulation, as well as its meager efforts to fight spam.

Zatko alleges that Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. He says he warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld alarming facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts …