Twitter Has Security Problems That Pose a Threat to Its Users’ Personal Information

From The Poynter Report with Tom Jones:

From CNN’s Donie O’Sullivan, Clare Duffy and Brian Fung: “Twitter has major security problems that pose a threat to its own users’ personal information, to company shareholders, to national security, and to democracy, according to an explosive whistleblower disclosure obtained exclusively by CNN and The Washington Post.”

The Washington Post’s Joseph Menn, Elizabeth Dwoskin and Cat Zakrzewski wrote that whistleblower Peiter “Mudge” Zatko “depicts Twitter as a chaotic and rudderless company beset by infighting, unable to properly protect its 238 million daily users including government agencies, heads of state and other influential public figures.”

It’s a stunning whistleblower complaint, which was filed last month to Congress and federal agencies.

The Post wrote that among the most serious complaints is that “Twitter violated the terms of an 11-year-old settlement with the Federal Trade Commission by falsely claiming that it had a solid security plan. Zatko’s complaint alleges he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software and that executives withheld dire facts about the number of breaches and lack of protection for user data, instead presenting directors with rosy charts measuring unimportant changes.”

CNN went on to write that the complaint, “paints a picture of a chaotic and reckless environment at a mismanaged company that allows too many of its staff access to the platform’s central controls and most sensitive information without adequate oversight. It also alleges that some of the company’s senior-most executives have been trying to cover up Twitter’s serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.”

CNN also added, “While the disclosure to Congress is edited to omit sensitive details pertaining to the national security claims, a more comprehensive version with supporting documents has been delivered to the Senate Intelligence Committee and to DOJ’s national security division, according to the disclosure.”

Twitter fired Zatko in January for what it claims was poor performance. Zatko says his whistleblower complaint comes after he tried to warn Twitter’s board about security concerns. The complaint also alleges Twitter emphasized user growth over reducing spam. Zatko, who was hired by former CEO Jack Dorsey in late 2020 after Twitter was the victim of a major hack, told the Post, “I felt ethically bound. This is not a light step to take.”

CNN’s Brian Fung detailed how the whistleblower claim shows Twitter might be vulnerable to exploitation by foreign governments. Fung, citing the complaint, wrote that Twitter “may even have foreign spies currently active on its payroll.”

Fung wrote, “From taking money from untrusted Chinese sources to proposing the company give into Russian censorship and surveillance demands, Twitter execs including now-CEO Parag Agrawal have knowingly put Twitter users and employees at risk in the pursuit of short-term growth, Zatko alleges.”

How else might it impact national security? Garrett Graff, a CNN analyst and contributing editor at WIRED, told CNN’s “New Day” that misinformation spreading quickly on Twitter is a big concern. He said, “Twitter, in many ways, is where wars can start in this moment. The information could move there faster in an attack than anyone would be able to respond to.”

A Twitter spokesperson said, “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”

A question that has quickly come up since this news broke: What might this mean for Elon Musk? The world’s richest man attempted to take over the company, but has since tried to back out of the deal.

After the CNN and Post stories were published, Musk tweeted a photo of the Disney character Jiminy Cricket with the words, “Give a little whistle.” He then posted a screenshot of part of the Post story and wrote, “So spam prevalence *was* shared with the board, but the board chose not disclose that to the public.”

CNN’s Clare Duffy wrote, “… the new disclosure could help bolster Musk’s argument and potentially encourage the court to pay closer attention to the bot issue. Moreover, Musk’s legal team could attempt to seize on other claims in the disclosure unrelated to bots — including allegations that Twitter made misrepresentations to regulators such as the Federal Trade Commission and Securities and Exchange Commission about its privacy and security practices — as additional reasons he should be able to walk away from the deal.”

Duffy’s story is long and extremely detailed, so be sure to check it out.

Meanwhile, the Post’s Joseph Menn has more on Zatko in “Twitter whistleblower won hacker acclaim for exposing software flaws.” And CNN had the first on-air interview with Zatko.
