
Twitter whistleblower to testify in Congress over damning security revelations



EU data regulators say they’re also looking into allegations


Peiter Zatko, Twitter’s former security chief-turned-whistleblower.
Photo by Matt McClain/The Washington Post via Getty Images

Twitter’s former security chief Peiter “Mudge” Zatko will testify in Congress next month after he went public with damning allegations about the social media company’s security practices and attempts to mislead regulators, the Washington Post reports. Zatko is scheduled to speak at a hearing on September 13th and is expected to address the privacy and national security concerns raised in his complaint.

“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns,” said the chair of the Senate Judiciary Committee, Senator Richard J. Durbin (D-Ill), and the committee’s top Republican, Senator Charles E. Grassley (R-Iowa), in a joint statement. “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”

Zatko has already met privately with Judiciary Committee staff and has had three meetings on Capitol Hill, according to the Washington Post.


Zatko’s complaint has also drawn scrutiny from European data protection regulators, TechCrunch reports. The complaint claims that, if EU regulators had made enquiries about Twitter’s security practices, the company would have attempted to mislead them the same way it misled the FTC. Ireland’s Data Protection Commission, which leads enforcement of the EU’s General Data Protection Regulation (GDPR) for Twitter because of the location of the tech company’s EU headquarters, said it had “engaged with Twitter” over the issues raised in the whistleblower complaint. 

Meanwhile France’s data watchdog, CNIL, told TechCrunch that it is “currently investigating” claims made in Zatko’s complaint, and that its investigation could result in “an order to comply or a sanction” if Twitter is found to have broken the law. TechCrunch notes that it’s unclear what sanctions Twitter could face in the EU, but GDPR allows fines of up to 4 percent of a company’s global annual turnover depending on the severity of the violation.

Twitter declined to comment to The Washington Post on news of the hearing, and a representative from the company did not immediately respond to The Verge’s request for comment. But in an internal memo sent after the revelations became public, Twitter CEO Parag Agrawal said the claims are “a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.”

“Mr. Zatko was fired from his senior executive role at Twitter for poor performance and ineffective leadership over six months ago,” a spokesperson for the company told CNN when the allegations became public. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”

Zatko, who was fired by Twitter in January shortly after Agrawal became CEO, makes numerous damning claims about security lapses at the company in the complaint filed with the Securities and Exchange Commission (SEC) last month. In particular, he says the company has violated the agreement it made with the Federal Trade Commission (FTC) to uphold various security safeguards after a pair of security incidents in 2009. 

The former security chief also alleges that Twitter’s approach to measuring the number of bots on its platform is misleading, which if true would cast doubt on its claims that less than 5 percent of its monthly users are bots, fake accounts, or spam. This figure has proven key in Twitter’s ongoing legal battle with Elon Musk, after the Tesla CEO attempted to back out of his agreement to buy the social media network over a dispute about the number of bots on its platform.