Twitter is a threat to democracy, according to the company's own former head of security.
The whistleblower sent his disclosure to Congress and federal agencies last month, alleging that Twitter's massive security problems were a meaningful threat both to users' data privacy and to national security.
Also among the allegations? Claims that top Twitter executives are covering up deep vulnerabilities in the social platform, that the company has misled the FTC, and that at least one current employee might be in working for foreign intelligence.
Deeply Troubling Claims
The whistleblower is former head of security Peiter Zatko, who agreed to be identified and has worked with major executives within Twitter, even reporting directly to the CEO.
According to his claims, half of Twitter's servers have been running old and vulnerable software, even despite Zatko informing his colleages.
Worse, executives are alleged to have failed to inform directors of the extent of the security failings, which keeps board members and shareholders in the dark about details like the true number of data breaches.
In other words, the “extreme, egregious deficiencies” outlined in this bombshell disclosure, broken by the Washington Post, can't be overstated.
Twitter Is In Rough Waters
If true, the new report will carry big legal implications. It alleges that Twitter, by falsely stating that it has good security, has violated the terms of Federal Trade Commission settlement from eleven years ago.
It's also bad news for the typical Twitter user, and since the platform has 238 million daily users, the implications here are huge as well.
While the SEC, DOJ and FTC all declined to comment when pressed by Washington Post reporters, some people familar with Zatko did have an annoymous response:
“A person familiar with Zatko’s tenure said the company investigated Zatko's security claims during his time there and concluded they were sensationalistic and without merit. Four people familiar with Twitter's efforts to fight spam said the company deploys extensive manual and automated tools to both measure the extent of spam across the service and reduce it.”
One person might be happy to see the extent of the problem being made public, however: The disclosure plays into the hands of Elon Musk, who has very publically chosen not to aquire Twitter earlier this year and cited the number of bots in the platform as the reason. According to Zatko, spam (as well as security) is out of control on the site, which can be taken to bolster Musk's argument.
Our Security Tip: Don't Do Any of This
Normally, we like to wrap up our coverage of cybersecurity news with a few tips — don't trust email messages with misspelled email addresses, get all your employees a VPN, and run a quick security workshop to help guide employees away from obvious phishing scams or using 123456 as their password.
But frankly, none of that would have helped Twitter if all or even just most of Zatko's deeply upsetting claims are true.
Yes, you should get a high-quality password manager to stay safer on the internet. But there's no software to fix a rotton company culture. If your business has reached the point at which a former head of security has sent a dossier to your nation's government alleging your company is a threat to democracy, our security tip is to rethink your life decisions.