Twitter Whistleblower Complaint: The TL;DR Version

Twitter fired its former chief security officer. Peiter “Mudge” Zatko’s 84-page disclosure report was filed with the U.S. government. Twitter CEO Parag Agrawal called it “a false story, full of inconsistencies and inaccuracies”. Twitter does not comply with the FTC’s 2010 decision to protect users’ personal information.

An 84-page disclosure report filed with the U.S. government last month by Twitter’s former security chief Peiter “Mudge” Zatko accused his former employer of negligent security practices and of allegedly failing to comply with the FTC’s order to protect user data. Twitter quietly said he was a “disgruntled employee” who was fired because of poor performance and leadership. In a letter to employees, Twitter CEO Parag Agrawal claims that the statements are clearly “a false story, full of inconsistencies and inaccuracies and presented without any important context.”

Here’s a quick overview of the accusations against Twitter and its responses. Zatko, a respected white hat hacker who served as Twitter’s chief security officer for about 15 months between 2020 and 2022, decried Twitter for a series of poor security and privacy practices that threaten national security. Twitter is a poorly managed company that allows too many of its employees access to sensitive security and privacy controls without proper oversight. One or more Twitter employees may work for secret foreign intelligence services. This, Zatko said, raised national security concerns. Almost half of Twitter’s servers lack basic security features, such as encrypting data, because the software running on them is outdated or has not been updated. Twitter executives prioritize growth over safety, as they personally receive huge bonuses, reaching $10 million, as incentives for the company to expand rapidly.

The company does not comply with the FTC’s 2010 decision to protect users’ personal information. In addition, the company lied to independent auditors about the “expanded information security program” that the FTC authorized in connection with an October 2010 order. Twitter does not respond to requests to delete users’ personal data due to technical restrictions. When Zatko tried to convey this and many other security and privacy issues to Twitter’s Board of Directors, the company’s management distorted his findings and/or tried to hide the report. Twitter has allowed some foreign governments “... infiltrating, controlling, using, monitoring and/or censoring the company’s platform, staff, and activities,” reads a redacted whistleblower report submitted to Congress. Twitter does not have the tools or capabilities to accurately determine the actual number of fake (or bot) accounts on its platform. This question is at the heart of Elon Musk’s attempt to buy the company for $44 billion.

The essence of Twitter’s response is that Zatko is a disgruntled employee who did not do his job well and is making Twitter a scapegoat for his failures. Twitter notes that it has quietly resolved most of the IT security issues in question and continues to actively address them. Twitter CEO Parag Agrawal’s response, allegedly sent to Twitter employees inside the company, was published online. Innovation: @paraga, the CEO of Twitter, commented on the story of the mask for the first time.
