17 Gifts at All-Time Lows Gifts Under $30 'Forest Bubble' on Mars RSV and the Holidays MyHeritage 'AI Time Machine' Postage Stamp Price Increase Household Items on Amazon Melatonin vs. GABA
Want CNET to notify you of price drops and the latest stories?
No, thank you

Twitter Whistleblower Accuses Company of Covering Up Security Problems

The social network's former head of security reportedly says US national security and users' personal information are at risk.

Twitter logo on a phone screen
Sarah Tew/CNET

A whistleblower complaint against Twitter accuses the social network of deceiving the public, federal regulators and the company's board of directors about serious security vulnerabilities, according to reports Tuesday from The Washington Post and CNN

The "explosive" whistleblower complaint reportedly comes from Twitter's former head of security Peiter "Mudge" Zatko. It alleges that the vulnerabilities pose a threat to national security and to democracy, in addition to putting the company's nearly 230 million daily users at risk, according to the reports. 

The complaint was filed last month with the US Securities and Exchange Commission, the Department of Justice and the Federal Trade Commission, according to the Post, which obtained a redacted version that was also given to some congressional committees. 

Nonprofit law firm Whistleblower Aid, which is representing Zatko, confirmed to CNET that the complaint is authentic. The firm also represented former Facebook product manager turned whistleblower Frances Haugen. Twitter hired Zatko to lead the company's security efforts in late 2020, but Twitter CEO Parag Agrawal reportedly fired him in January.

The complaint comes at a chaotic time for Twitter, a social media company that is in a high-profile legal battle with billionaire Elon Musk, who is trying to back out of purchasing the company for $44 billion. Musk, who leads Tesla and SpaceX, accused Twitter of misleading him about the number of spam and fake bot accounts on its platform. On Tuesday, Musk tweeted a meme that said "Give a little whistle."

Among the accusations in the complaint, Zatko reportedly alleges that the company's servers were using "out-of-date and vulnerable software" and that "thousands of employees still had wide-ranging and poorly tracked internal access to core company software," according to the Post. In addition to security vulnerabilities, the complaint also alleges that Twitter "prioritized user growth over reducing spam," the Post reported. 

A Twitter spokesperson pushed back on the reports, calling the whistleblower complaint inaccurate and opportunistic. 

"What we've seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context," the spokesperson said in an emailed statement. "Mr. Zatko's allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders." 

The spokesperson added that "security and privacy have long been company-wide priorities at Twitter and will continue to be."

Agrawal reportedly sent an email to employees Tuesday morning addressing the complaint. "Given the spotlight on Twitter at the moment, we can assume that we will continue to see more headlines in the coming days -- this will only make our work harder," he told staff.

The complaint is already sparking scrutiny from US lawmakers. Sen. Richard Blumenthal, a Connecticut Democrat, urged FTC Chair Lina Khan to investigate Twitter.

"These troubling disclosures paint the picture of a company that has consistently and repeatedly prioritized profits over the safety of its users and its responsibility to the public, as Twitter executives appeared to ignore or hinder efforts to address threats to user security and privacy," Blumenthal wrote in a letter to Khan.

The SEC and FTC declined to comment. The DOJ didn't immediately respond to a request for comment.