Famed hacker who worked at Twitter accuses company of national security risks, Twitter responds

Social media company Twitter may have bigger troubles than the volume of fake accounts alleged by attempted buyer Elon Musk: a whistleblower has alleged that massive security concerns on the platform could pose a national security risk.


Peiter “Mudge” Zatko is a software engineer who built a reputation as a hacker in the ’90s with his group the “Cult of the Dead Cow.” In 2020, his technical savvy earned him a position as Twitter’s head of security, tasked with sorting through vulnerabilities that had been exposed after high-profile accounts were hacked. In a July Securities and Exchange Commission complaint, he alleged that he was fired after drawing attention to other issues.

CNN and The Washington Post recently obtained copies of the complaint from a Democratic staffer. In it, Zatko alleged the company had failed to adhere to an 11-year-old settlement with the Federal Trade Commission to deal with cybersecurity vulnerabilities. These risks had allowed accounts such as those belonging to then-presidential candidate Joe Biden and former President Barack Obama to be infiltrated, leaving the public unaware of whether communications were accurate.

As set forth in the disclosure, the terminated head of security had discovered that nearly half of Twitter’s 10,000 employees have “access to sensitive live production systems and user data” and he provided CNN with an analogy of an airplane to explain how dangerous that was.

“So, you get on an airplane and every passenger and the attendant crew all have access to the cockpit,” Zatko explained, “to the controls–that’s entirely unnecessary. It might be easy, but…it’s too easy to accidentally or intentionally turn an engine off.”

In addition to these vulnerabilities, the software engineer accused Twitter executives such as CEO Parag Agrawal of failing to disclose the number of breaches the platform had experienced as they instead prioritized user growth which, as reported by the Post, provided those members a chance to “win individual bonuses of as much as $10 million tied to increases in daily users.”

Similar accusations have been leveled by Musk, who is currently countersuing the platform after his acquisition was put on hold. The entrepreneur asserted that Twitter was misrepresenting the value of the company because of the number of fake accounts that exist and, ahead of an Oct. 17 trial, Musk subpoenaed former CEO Jack Dorsey to provide “documents and communications” to detail as much.

When questioned on the timing of the SEC filing relative to Musk’s suit, Zatko’s lawyer, Whistleblower Aid founder John Tye, said that there has been no communication with the billionaire. Alex Spiro, a lawyer for Musk, seemed to corroborate that claim when he told CNN, “We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding.”

A spokesperson for Twitter told CNN that there was nothing curious about Zatko’s termination and that he “was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” the spokesperson continued before asserting, “Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Kevin Haggerty

