Whistleblower Claims Twitter Has Major Security Vulnerabilities

The company’s former head of security said user data, company shareholders, national security and democracy are potentially at risk.

Last month, Peiter Zatko, the former head of security at Twitter, submitted a whistleblower disclosure to Congress, the Securities and Exchange Commission, the Federal Trade Commission, the Department of Justice and other federal agencies alleging the social media platform has major cybersecurity vulnerabilities. Zatko said these vulnerabilities are “extreme, egregious deficiencies” that have the potential to put user data, company shareholders, national security and democracy at risk, according to an exclusive report by CNN and The Washington Post.

Zatko, who reported to Twitter’s CEO, said the company has misled its board and government regulators about potential dangers, including the possibility of “foreign spying or manipulation, hacking and disinformation campaigns.” He also said that some of the company’s leadership has tried to cover up the vulnerabilities, and one or more current Twitter employees may be working with a foreign intelligence agency.

According to CNN, after a two-year stint, Zatko was fired by Twitter in January for poor performance. In his complaint, Zatko said he was fired for trying to share security issues with Twitter’s board and attempting to help Twitter fix technical issues and suspected non-compliance with a privacy agreement with the FTC.

Twitter’s response

“Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” a Twitter spokesperson told CNN. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be,” the spokesperson said.

In the disclosure, which was approximately 200 pages long, Zatko said too many Twitter staff have access to central controls and sensitive information without appropriate oversight. He also said Twitter does not adequately delete user data when users close their accounts and that Twitter executives don’t really understand how many bots exist on the platform.

The latter has been a major bone of contention between Twitter and billionaire Elon Musk, who planned to acquire the company for $44 billion before attempting to back out of the deal. That deal is now in jeopardy, with Twitter and Musk engaged in a major court battle to determine who will prevail. The two head to a Delaware court on October 17 for a five-day trial. Musk has subpoenaed Zatko, reports CBS.

Senate Judiciary Committee hearing

In a separate report, CNN said the Senate Judiciary Committee will hold a hearing with Zatko on September 13 to discuss the allegations in his disclosure. The hearing will be held the same day that Twitter shareholders are slated to vote on Musk’s $44 billion acquisition proposal.

“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns,” said Sens. Dick Durbin and Chuck Grassley, the committee’s chair and ranking Republican, respectively. “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”

Sen. Durbin confirmed his position with a tweet yesterday.

Twitter stock

Despite the whistleblower news, Twitter stock has been holding steady for the last month. On August 1, Twitter stock closed at $40.89 per share. As of 7:54 p.m. EDT yesterday, Twitter was valued at $40.04 per share.

Source: Google

Insider Take

What a wild ride the last six months have been – and the fun and surprises just keep coming! Whether you believe all of Zatko’s claims or not, it seems that something is amiss at Twitter. The question is which, if any, allegations are true and what are the true risks to Twitter users, shareholders, the country and national security. Also, what impact will Zatko’s disclosure have on the Twitter vs. Musk trial? It seems like there is sufficient doubt that Twitter is not exactly what it purports to be, but what is Musk’s obligation? After all, he had the opportunity to do due diligence, which he initially waived. Is he getting a steal, or did he buy the equivalent of a junk bond? This story is far from over, and you can rest assured we’ll be watching right alongside you.
