Twitter whistleblower alleges 'extreme, egregious deficiencies' on cybersecurity issues

Peiter 'Mudge' Zatko, who was fired from Twitter in January, sent the whistleblower disclosures to Congress in July

Twitter's former security chief accused the social media giant of "extreme, egregious deficiencies" related to cybersecurity issues that put the company's users, its shareholders and national security at risk, according to a whistleblower complaint filed with government agencies.

The whistleblower, who has agreed to be identified as Peiter "Mudge" Zatko, sent an 84-page filing to Congress in July, which has been obtained in a redacted version by FOX Business. The filing was first obtained by the Washington Post. 

The complaint states that Twitter executives misled the company's board, shareholders and federal regulators about "extreme, egregious deficiencies" in its cybersecurity defenses.  

Zatko also claims that about half of Twitter's 7,000 employees are given access to user data and that the company has "no visibility or control over thousands of devices used to access core company systems."



In addition, the complaint alleges that Twitter does not properly delete users' data after they cancel their accounts and has "never been in compliance" with a 2011 Federal Trade Commission settlement related to charges that it failed to protect consumers' data.

On spam and fake accounts, Zatko alleges that Twitter executives are "not incentivized to accurately ‘detect’ or report total spam bots on the platform." Instead, they are incentivized to boost the company's monetizable daily active users (mDAU) counts with bonuses that can exceed $10 million. He also claims Twitter does not have the resources to fully understand the true number of bots on the platform.

Representatives for the Securities and Exchange Commission and Federal Trade Commission declined to comment.


The disclosures come as Twitter sues Elon Musk in the Delaware Court of Chancery over the termination of his $44 billion acquisition. 


Elon Musk in front of Twitter logo on a smartphone screen. (Photo Illustration by Sheldon Cooper/SOPA Images/LightRocket via Getty Images / Getty Images)

Musk, who has countersued, claims Twitter made misrepresentations about the total number of spam and fake accounts on its platform when it accepted his $54.20 per share acquisition offer in April. Twitter maintains that spam and fake accounts make up less than 5% of its users.


A Twitter spokesperson told FOX Business that Zatko was fired from his role in January for "ineffective leadership and poor performance." 

"What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context," the spokesperson said. "Mr. Zatko's allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be."

Musk attorney Alex Spiro said his firm has already subpoenaed Zatko. In addition, Musk has subpoenaed former Twitter CEO Jack Dorsey, and a judge ruled that Twitter must collect, review and produce documents from Kayvon Beykpour, the company's former general manager of consumer product.

"We found [Zatko's] exit and that of other key employees curious in light of what we have been finding," Spiro added. 

The trial for the case is slated to begin on Oct. 17.