Whistleblower alleges Twitter hid security flaws from regulators

Lawmakers have already begun to lash out at the company over the allegations.

Whistleblower alleges Twitter hid security flaws from regulators

Twitter's former security chief has filed a sweeping whistleblower complaint claiming the company deceived regulators about deficiencies in its security against cyberattacks and didn't do enough to fight spam — accusations that could spark Congress to take action against the company and endanger its legal fight against Elon Musk.

Peiter Zatko submitted the complaint in July to the Security and Exchange Commission, the Justice Department, the Federal Trade Commission and Congress, according to copies of the documents published by CNN and The Washington Post.

Zatko said in his complaint that he attempted to flag the security vulnerabilities to Twitter's board and alleged non-compliance with a 2011 settlement with the FTC for putting users' privacy at risk and failing to protect their personal information.

"Large technology companies need to know what the risks are and they need to have the appetite to fix it," Zatko told CNN in an interview.

However, Twitter called foul, saying in a statement that Zatko was fired in January 2022 for "ineffective leadership and poor performance." The company also rejected the allegations, saying Zatko has provided a "false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies." The company also defended its compliance with the FTC settlement, saying it was audited biannually by external auditors, and Zatko was not part of the process.

The SEC declined to comment. The FTC and DOJ didn't respond immediately for comment.

Zatko is represented by Whistleblower Aid, the nonprofit law firm that represented former Facebook employee Frances Haugen, who filed complaints with the SEC and Congress last fall alleging Instagram knew its algorithms pushed unhealthy body images to young girls.

Haugen's revelations led to congressional hearings and kids safety legislation. Following Zatko's complaint, lawmakers are also pledging to take action. Sen. Dick Durbin (D-Ill.), the head of the Senate Judiciary Committee, said in a statement that he plans to "continue investigating" the issue to "get to the bottom of these alarming allegations."

Zatko was hired to take over the company's security operations by former Twitter CEO Jack Dorsey after it faced a massive cyberattack in 2020, impacting accounts of prominent politicians such as former presidents Barack Obama and Donald Trump as well as then-presidential candidate Joe Biden.

The whistleblower complaint could complicate the lawsuit that Twitter filed against Musk for attempting to break his agreement to buy the company for $44 billion. Musk has alleged that the company has severely undercounted the number of spam and bots on the platform. Zatko said in the complaint that current Twitter CEO Parag Agrawal was "lying" when he tweeted that the company was encouraged to find and take down spam as possible.

John Tye, Zatko's lawyer at Whistleblower Aid, told CNN that Zatko was not working behind the scenes with Musk's team.

Eric Geller contributed to this report.