Twitter has major security problems that pose a threat to its users' personal information, company shareholders, national security and democracy, according to an explosive whistleblower exposé published exclusively by CNN and The Washington Post.
The disclosure, sent last month to Congress and federal agencies, paints a picture of a chaotic and reckless environment at a mismanaged company that allows too many of its staff to access central controls and the platform's most sensitive information without sufficient supervision.
It also claims that some of the company's senior executives are trying to cover up Twitter's serious vulnerabilities and that one or more current employees work for a foreign intelligence agency.
The whistleblower, who agreed to remain anonymous, is Peiter “Mudge” Zatko, who was head of security at the company, reporting directly to the CEO.
Zatko alleges that Twitter's leadership has misled its board and government regulators about security vulnerabilities, some of which open the door to foreign espionage or manipulation, hacking and disinformation campaigns.
Zatko also claims that Twitter does not reliably delete users' data after they cancel their accounts, and withholds from regulators that it does not delete data as required.
The disclosure also says Twitter executives don't have the resources to fully understand the true number of bots on the platform. Bots recently became the focus of Elon Musk's efforts to withdraw from a $44 billion agreement to buy the company.
Zatko was fired from Twitter in January. According to Zatko, his public complaint comes after he tried to highlight security gaps to Twitter's board and help Twitter fix years of technical deficiencies and noncompliance with a previous nondisclosure agreement with the Federal Trade Commission.
Zatko is currently represented by Whistleblower Aid, the same group that represented the Facebook whistleblower Frances Haugen.
John Tye, founder of Whistleblower Aid and Zatko's attorney, told CNN that Zatko has not been in contact with Musk and that the whistle-blowing began before there was any indication of Musk's involvement with Twitter.
"Mr. Zatko was terminated from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance," a Twitter spokesperson said.
"What we have seen so far is a false narrative about our privacy and data security practices that is filled with inconsistencies, inaccuracies and lacks meaningful context. Mr. Zatko's allegations and their opportunistic appearance seem designed to attract attention and damage Twitter, its customers and shareholders. Security and privacy have long been company-wide priorities and will continue to be."
Zatko also alleges that the Indian government forced Twitter to put a government agent on the payroll, giving him access to sensitive user data.