People walking in front of Twitter's headquarters
Source: Getty

Whistleblower Peiter 'Mudge' Zatko Slams Twitter’s Cybersecurity

Rachel Curry - Author
By

Aug. 23 2022, Published 11:13 a.m. ET

Twitter’s former head of security Peiter “Mudge” Zatko has come forward as a whistleblower, alleging that the company grossly mismanages its cybersecurity.

Article continues below advertisement

Zatko worked at Twitter for less than two years. The company allegedly fired him after he attempted to notify the board of executives of major cybersecurity gaps. Now, Zatko — a well-known hacker with a history of working for the government — is coming clean about the real issues.

What did Peiter Zatko do? Hacker divulges Twitter’s cybersecurity problem.

twitter
Source: Wikipedia

Peiter "Mudge" Zatko

Zatko filed an official complaint about Twitter’s cybersecurity problem with the SEC, Federal Trade Commission (FTC), and Department of Justice (DOJ) as a publicly named whistleblower, according to documents obtained by The Washington Post.

Article continues below advertisement

The complaint says Zatko saw “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy” during his time at Twitter.

Zatko alleges Twitter suffered 40 cybersecurity incidents in 2020, “70 [percent] of which were access control-related” and half of which were considered official breaches.

Article continues below advertisement

Zatko has specific complaints against Twitter.

Zatko points out numerous alleged wrongdoings at Twitter headquarters:

  • Twitter source code lives on the devices of thousands of employees.

  • Many devices block automatic security updates and firewalls.

  • Many devices remotely access non-approved activities.

  • Twitter fails to closely monitor employee activity on work computers, leading to employees “intentionally installing spyware on their work computers at the request of external organizations,” according to Zatko.

  • Approximately 5,000 employees can access and edit internal software.

  • Much of the stored data at data centers isn't encrypted.

Zatko says he “reasonably feared Twitter could suffer an Equifax-level hack” during his time at the company. The 2017 Equifax data breach left 147.9 million Americans vulnerable (the U.S. ultimately indicted Chinese military members for the hack).

Interestingly, Zatko says bots may actually rule Twitter and that the company isn't equipped to fully understand the breadth of the issue.

Article continues below advertisement

Twitter responded with a vanilla statement.

In response to the whistleblower complaint, Twitter spokesperson Madeline Broas told reporters the following statement:

“Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Article continues below advertisement

Do we know Peiter Zatko’s estimated net worth?

Twitter founder and former CEO Jack Dorsey recruited Zatko himself after a highly publicized 2020 hack that left multiple high-profile accounts (including Bill Gates, Elon Musk, and former President Barack Obama) vulnerable.

For decades, Zatko has been helping close cybersecurity holes for federal and associated organizations, leading to his 2013 Office of the Secretary of Defense Exceptional Public Service Award.

In true cybersecurity expert fashion, an accurate measure of his estimated net worth isn't available. Estimates range from 7–8 figures, but at this point, only Zatko knows the true scope of his assets.

Advertisement

Latest Twitter Inc News and Updates

    © Copyright 2022 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.