Twitter Hides Data Breaches From Its Board, Says Whistleblower

According to the leak, half of Twitter's servers have been running old and vulnerable software while executives do little.
Adam Rowe

Twitter is a threat to democracy, according to the company's own former head of security.

The whistleblower sent his disclosure to Congress and federal agencies last month, alleging that Twitter's massive security problems were a meaningful threat both to users' data privacy and to national security.

Also among the allegations? Claims that top Twitter executives are covering up deep vulnerabilities in the social platform, that the company has misled the FTC, and that at least one current employee might be working for a foreign intelligence service.

Deeply Troubling Claims

The whistleblower is former head of security Peiter Zatko, who agreed to be identified and has worked with major executives within Twitter, even reporting directly to the CEO.

According to his claims, half of Twitter's servers have been running old and vulnerable software, despite Zatko informing his colleagues.

Worse, executives are alleged to have failed to inform directors of the extent of the security failings, which keeps board members and shareholders in the dark about details like the true number of data breaches.

In other words, the “extreme, egregious deficiencies” outlined in this bombshell disclosure, broken by the Washington Post, can't be overstated.


Twitter Is In Rough Waters

If true, the new report will carry big legal implications. It alleges that Twitter, by falsely stating that it has good security, has violated the terms of a Federal Trade Commission settlement from eleven years ago.

It's also bad news for the typical Twitter user, and since the platform has 238 million daily users, the implications for the public are huge as well.

While the SEC, DOJ and FTC all declined to comment when pressed by Washington Post reporters, some people familiar with Zatko did give an anonymous response:

“A person familiar with Zatko’s tenure said the company investigated Zatko's security claims during his time there and concluded they were sensationalistic and without merit. Four people familiar with Twitter's efforts to fight spam said the company deploys extensive manual and automated tools to both measure the extent of spam across the service and reduce it.”

One person might be happy to see the extent of the problem being made public, however: The disclosure plays into the hands of Elon Musk, who very publicly backed out of acquiring Twitter earlier this year and cited the number of bots on the platform as the reason. According to Zatko, spam (as well as security) is out of control on the site, which can be taken to bolster Musk's argument.

Our Security Tip: Don't Do Any of This

Normally, we like to wrap up our coverage of cybersecurity news with a few tips — don't trust email messages with misspelled email addresses, get all your employees a VPN, and run a quick security workshop to help guide employees away from obvious phishing scams or using 123456 as their password.

But frankly, none of that would have helped Twitter if all or even just most of Zatko's deeply upsetting claims are true.

Yes, you should get a high-quality password manager to stay safer on the internet. But there's no software to fix a rotten company culture. If your business has reached the point at which a former head of security has sent a dossier to your nation's government alleging your company is a threat to democracy, our security tip is to rethink your life decisions.


Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
