Twitter whistleblower set to testify about 'widespread security failures'
Former Twitter (TWTR) security chief Peiter “Mudge” Zatko will appear before the Senate Judiciary Committee on Tuesday to testify about what he says are widespread security failures at the social media company.
The hearing, scheduled to begin at 10 a.m. E.T., will focus on the allegations Zatko made in a whistleblower complaint filed in July with the Securities and Exchange Commission, Department of Justice, and Federal Trade Commission, which alleges that Twitter’s overall cybersecurity posture is woefully lacking.
Zatko, a widely respected “white-hat” hacker, says Twitter never complied with a 2011 FTC settlement requiring the company to implement a comprehensive security program that protects user data and prevents the platform from being exploited. Twitter fired Zatko in January for what it says was poor leadership.
The FTC and Twitter entered into the agreement after hackers broke into the social media site’s internal systems during two attacks in 2009 — and then posted tweets via user accounts, including one used by then-President Barack Obama.
“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns,” Senators Dick Durbin (D-IL) and Chuck Grassley (R-IA) said in a statement announcing the hearing last month. “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”
Among his allegations, Zatko says that 30% of Twitter employee devices had software and security updates disabled, and that Twitter never installed management software on employees’ smartphones that had access to corporate systems.
If true, Zatko’s claims paint a picture of a major technology firm that doesn’t follow even the most basic cybersecurity rules.
Twitter characterized Zatko’s allegations as false and lacking context.
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” a Twitter spokesperson said in an email to Yahoo Finance.
The Musk angle
The hearing comes against the backdrop of Twitter’s legal battle seeking to stop Tesla (TSLA) CEO Elon Musk from backing out of purchasing the social network for $44 billion.
Musk — who agreed to buy Twitter in April for $54.20 per share — said he was pulling out of the deal in July. He said he could no longer go through with it because Twitter refused to turn over data regarding how many bots are on the social network.
For years, Twitter has said that less than 5% of its monetizable daily active users (mDAUs) are bots. mDAUs are a measure of users that Twitter promotes to advertisers as an estimate of the human account-holders who are engaging with its platform. The number, which Twitter has said could be higher than estimated, is meant to be a subset of the total number of users on the platform that excludes bot accounts.
Musk contends that as many as 20% or more of Twitter’s mDAUs are bots; the face-off is now headed to a trial in a Delaware Chancery Court scheduled to begin Oct. 17.
Zatko could play a role in that dustup, too. In addition to his claims about Twitter’s security posture, Zatko says that Twitter’s executives disincentivized employees from looking into how many bots are on the platform and pushed to grow the total number of mDAUs.
Importantly, Zatko doesn’t challenge Twitter’s claim about bots making up less than 5% of mDAUs. Instead, he says because the company discourages employees from vetting bot numbers, it doesn’t know how many of the platform's total users are bots. That could throw a wrench into Twitter’s bid to force Musk to buy the company, litigation attorneys say.
Perhaps still more damaging for Twitter is the $7.75 million severance agreement the social media company paid to Zatko when it fired him in June. According to Musk, under the terms of the April purchase agreement, Twitter needed to inform Musk before making severance payments to employees that were outside of the normal course of business.
If Musk can prove that the payment wasn’t part of normal business, he may bolster his argument that the Delaware court should void the contract for his purchase of Twitter.
In a court filing responding to Musk’s amended justifications for backing out of the deal, Twitter says the payment doesn’t impact the purchase agreement.
Zatko will likely address his severance payment, as well as his time at the social network, during his testimony before the Senate Judiciary Committee on Tuesday.
Got a tip? Email Daniel Howley at [email protected]. Follow him on Twitter at @DanielHowley.
Alexis Keenan is a legal reporter for Yahoo Finance. Follow Alexis on Twitter @alexiskweed.