How Twitter was rocked by whistleblower allegations

In the disclosure, Zatko alleged that the company has serious security and privacy vulnerabilities that could put users, investors, and U.S. national security at risk. He also alleged Twitter executives misled regulators and even the company’s own board of directors about its shortcomings.

Twitter (TWTR) criticized Zatko and broadly defended himself against the allegations, saying the disclosure paints a “false narrative” by the company and is “tricked with inconsistencies and inaccuracies”. Zatko was fired from Twitter in January for what a company spokesperson called “ineffective leadership and poor performance.”

The multitude of strong reactions to Zatko’s disclosure from lawmakers, regulators and cybersecurity industry experts, not to mention Musk’s lawyers, raises the possibility that the allegations could have significant and lasting implications. for social media company. To make matters worse, it comes at a time when Twitter is already grappling with uncertainty among its employees, shareholders and advertisers about its ongoing deal with Musk.

The disclosure – which totals about 200 pages, including supporting documents – was sent last month to several US government agencies and congressional committees, including the Securities and Exchange Commission, Federal Trade Commission and Department of Justice. CNN obtained a copy of the disclosure from a senior Democratic official on Capitol Hill. The SEC, DOJ and FTC declined to comment.

Twitter shares fell 7% on Tuesday after the disclosure was announced. The company’s shares were already hurting amid Musk’s bid to pull out of his $44 billion deal to acquire the platform, and are now trading at just over half of their all-time high, near $80 last February.

Here’s a look at the immediate fallout after the disclosure was reported:

Lawmakers and regulators are starting to ask questions

On Wednesday, the day after the disclosure was first reported by CNN and the Washington Post, the Senate Judiciary Committee announced that it hold a hearing with Zatko to discuss his allegations of security breaches and misleading statements by Twitter executives.

The hearing is scheduled for September 13, which happens to be the same day Twitter shareholders are due to vote on whether to approve Musk’s $44 billion takeover deal.

How Twitter Security Affects Your Security

“Mr. Zatko’s allegations of widespread security breaches and interference by foreign state actors on Twitter raise serious concerns,” said Senators Dick Durbin and Ranking Republican Committee Chairman Chuck Grassley, respectively. “If these claims are true, they may show dangerous privacy and data security risks for Twitter users around the world.”

Other US lawmakers have also weighed in on the issue.

The Senate Intelligence Committee, which received a copy of the report, is taking the disclosure seriously and is holding a meeting to discuss the allegations, according to Rachel Cohen, spokeswoman for the committee. Sen. Richard Blumenthal, who chairs the Senate Consumer Protection Subcommittee, wrote a letter to the FTC on Tuesday calling on the agency to investigate the allegations and impose fines and individual liability on certain Twitter executives if an investigation reveals that they were responsible for security. forfeitures. Senator Ron Wyden on Wednesday renewed calls for Twitter to protect its users’ direct messages from prying eyes with secure end-to-end encryption.

Members of the U.S. House Homeland Security Committee on Thursday sent Twitter CEO Parag Agrawal a letter asking him to respond to Zatko’s allegations and explain Twitter’s readiness for mi -terms of 2022. And Twitter’s main regulator in Europe, the Irish Data Protection Commission, also said it was seeking information from the company in light of the allegations.

Implications for the Twitter-Musk lawsuit

The whistleblower’s disclosure could have major ramifications for Twitter’s fight with Musk over their acquisition deal. But Tesla’s CEO has been uncharacteristically quiet since the news broke.

Tuesday, Musk tweeted a meme of Jiminy Cricket (Pinocchio’s conscience in the Disney classic) with the words “give a little whistle”, as well as a screenshot of part of a Washington Post article discussing the process of Twitter to measure spambots. This last question became central to Musk’s attempt to get out of the deal. (Twitter said it stood by its publicly disclosed metrics and accused Musk of using bots as a pretext to back out of a deal he now has buyer’s remorse for.)
Musk lawyers bring up Twitter whistleblower during acquisition deal hearing

But while Musk has said little about Zatko, his lawyers are clearly interested in the former Twitter security chief. Musk’s attorney, Alex Spiro, told CNN on Tuesday that the billionaire’s legal team assigned Zatko to the case even before news of the disclosure broke.

At a Wednesday hearing in the case, Spiro mentioned Zatko repeatedly, in a first look at how Musk’s team could use the new allegations in their legal battle. Spiro suggested during the hearing that the billionaire’s team didn’t trust Twitter’s estimate for spam accounts and monetizable daily active users (mDAU), a key metric it provides to investors, and said Musk’s team was requesting information that would allow them to test the measures.

“They have an economic incentive to mislead,” Spiro said. “There is a whistleblower complaint that has now been filed publicly which speaks to the false information provided.”

In the disclosure, Zatko claimed that Twitter lacked an accurate count of the number of spam and fake bot accounts on its platform and that the company had little incentive to undertake a full count of these accounts, allegations that could potentially bolster Musk’s claims. Musk’s lawyers could also try to grab on other allegations in the disclosure unrelated to the bots – including allegations that Twitter made false statements to regulators such as the Federal Trade Commission and the Securities and Exchange Commission about its privacy practices and security – as additional reasons why he should be able to withdraw from the deal.

(Zatko told CNN that his disclosure was unrelated to the acquisition, that he had no personal relationship with Musk, and that he began documenting the concerns that would become his disclosure before he there is no indication of Musk’s involvement with Twitter.)

Twitter says it allows bots on its platform, such as good bots that tweet news alerts, but its rules prohibit those that spam or manipulate the platform. The company says it routinely challenges, suspends, and removes accounts involved in spam and platform manipulation, including typically deleting more than a million spam accounts each day. He declined to answer CNN’s questions about the total number of accounts on the platform or the total number of new accounts added each day.

Reassure employees

Twitter executives have publicly pushed back against the allegations and tried to stem the fallout internally.

Agrawal wrote an internal memo to employees on Tuesday, obtained by CNN, pledging to dispute the allegations in the disclosure and seeking to reassure employees, calling the allegations “frustrating and confusing to read.”

The situation also came up during a regular company-wide meeting Meet on Twitter on Wednesday. Agrawal opened the meeting by pushing back against Zatko’s claims, saying a “false narrative” has been created about the company that “currently challenges our integrity.” Details of the call were shared with CNN by a Twitter employee.

At Wednesday’s meeting, Sean Edgett, Twitter’s general counsel, said the company contacted regulators and “various agencies around the world” when the company learned of Zatko’s allegations.

On Thursday, Twitter confirmed to CNN that it will combine its teams working to prevent toxic content and spam bots to better combat bad actors and increase transparency around its efforts to improve the health of the platform. form, a first step. reported by Reuters. A spokesperson did not directly respond to questions about whether the reorganization is related to the disclosure.

Leave a Comment