Twitter Inc misled federal regulators about its defenses against hackers and spam accounts, the social media company’s former security chief Peiter Zatko said in a whistleblower complaint.
In an 84-page complaint, Zatko, a famed hacker more widely known as “Mudge,” alleged Twitter falsely claimed it had a solid security plan and said he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software, according to documents relayed by congressional investigators.
The whistleblower filing comes as the social media company is embroiled in a legal battle with Tesla Inc Chief Executive Elon Musk after the world’s richest person said in July he was ending an agreement to buy the company in a $44 billion deal alleging it had violated the deal contract.
Musk has accused Twitter of hiding information about how it calculates the percentage of bots on the service. A trial is scheduled for Oct. 17.
The complaint by Zatko was filed last month with the U.S. Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC), according to the Washington Post. The complaint, which was first published by the Washington Post and CNN, was also sent to congressional committees.
“We are reviewing the redacted claims that have been published but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context,” Twitter Chief Executive Parag Agrawal told employees in a memo tweeted by a CNN reporter and confirmed by Twitter.
The Senate Judiciary Committee’s top Republican, Chuck Grassley, said in a tweeted statement that the complaint raised serious national security concerns and privacy issues and needed to be investigated.
“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure, and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” he said.
The FTC declined to comment. A spokesperson for the Senate Intelligence Committee said it had received the complaint and was in the process of setting up a meeting to discuss the allegation. “We take this matter seriously.”
Twitter’s shares fell 4% to $41.10.
The whistleblower document alleges Twitter prioritized user growth over reducing spam. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, as per the complaint, and nothing explicitly for cutting spam.
Whistleblower Aid, which represents Zatko, said he stands by everything in his disclosure. It also confirmed the authenticity of the disclosure as published on the Washington Post website.
Twitter executives don’t have the resources to fully understand the true number of bots on the platform, CNN reported, citing the complaint.
Musk could not be reached for comment.
Musk’s legal team has subpoenaed Zatko, CNN reported after the whistleblower disclosure was made public.
In January, Twitter said nL1N2U11KV Zatko was no longer its head of security, two years after being appointed to the role.
John Tye, founder of Whistleblower Aid and Zatko’s lawyer, said Zatko has not been in contact with Musk and began the whistleblower process before there was any indication of the Silicon Valley billionaire’s involvement with Twitter, according to CNN. (Reporting by Chavi Mehta and Ankur Banerjee in Bengaluru; Additional reporting by Tiyashi Datta in Bengaluru and Peter Henderson in Oakland; Editing by Kenneth Li, Saumyadeb Chakrabarty and Sriraj Kalluvila)