A former Twitter security chief has filed a whistleblower complaint alleging that the company misled regulators about its security vulnerabilities, violated multiple U.S. regulations, and failed to defend against hackers and to fight spam, according to reports by CNN and The Washington Post.

Peiter “Mudge” Zatko sent the disclosure to the U.S. Congress and several federal agencies last month. Zatko, who was fired by Twitter in January, says he raised the security concerns with the company before filing the complaint.

In the 200-page disclosure, Zatko accuses Twitter’s leadership of covering up and misleading the board and government regulators about serious security vulnerabilities that could allegedly be exploited for foreign espionage, hacking, and disinformation campaigns, and about the company's obligations to delete user data. He also claims that Twitter's executives were neither motivated nor resourced to determine the number of bots on the platform.

Twitter CEO Parag Agrawal, in an internal company memo, called Zatko’s accusation “a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.”

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers, and its shareholders,” a Twitter spokesperson echoed in a statement. “Security and privacy have long been companywide priorities at Twitter and will continue to be.”

Agrawal also said Zatko was terminated for “ineffective leadership and poor performance.”

However, Vectra CTO Aaron Turner, who says he has known Zatko for more than 20 years, told SDxCentral that Zatko “has always had the highest level of integrity and also adheres to the highest technical standards of development and operation of systems.”

“If Mudge says that Twitter has cybersecurity problems, Twitter has some big problems,” Turner said. “From research that I coordinated after the 2020 incident, it was obvious that Twitter did not have appropriate privileged user management controls nor separation of duty policies for developers and administrators of their systems. ... If Mudge's disclosure is correct, that Twitter has a significant system hygiene problem combined with the user management controls and policies, then Twitter's entire platform is at risk of compromise." 

Impact on Elon Musk-Twitter Legal Battle?

Zatko’s allegations appear to support Tesla CEO Elon Musk’s earlier claims that Twitter provided inaccurate and insufficient information about the platform’s spam and bot accounts.

According to the disclosure, Agrawal “knows very well that Twitter executives are not incentivized to accurately ‘detect’ or report total spam bots on the platform.”

The bot-account question has become a central part of Musk's legal argument as he attempts to withdraw from his $44 billion deal to buy Twitter. The company sued Musk last month to enforce the original agreement.

According to CNN, Zatko's lawyer John Tye says Zatko has not been in contact with Musk and began the complaint process “before there was any indication of Musk's involvement with Twitter.” An attorney for Musk told CNN they have already issued a subpoena to Zatko and “found his exit and that of other key employees curious in light of what we have been finding.”