Whistleblower calls out Twitter for spambots and mishandling user data

What you need to know

• A former Twitter employee has revealed troubling security policies at the company.
• It's alleged that Twitter does not have the resources to ascertain the number of bots on its platform.
• Twitter and Elon Musk have publicly squabbled over the platform's bot count.
• The social media platform denies the allegations made by the former employee, which are currently being investigated.

As if the situation with Elon Musk wasn't enough, Twitter's problems are being conflated by allegations emerging from a former employee. According to the employee, Twitter has functioned under questionable security and privacy practices while not being completely honest about bots.

The report comes from both CNN and The Washington Post, which obtained a disclosure sent to Congress where the whistleblower, Peiter "Mudge" Zatko, alleges concerning security practices and mishandling of user data.

Zatko previously worked at Twitter as head of security until January 2022, when he was fired for "poor performance." He says he tried to alert the company about its security lapses and was let go as a result. However, before he was let go, Twitter CEO Parag Agrawal allegedly discouraged Zatko from presenting an accurate picture of Twitter's security shortcomings to the company board.

Among Zatko's claims, he alleges that a significant number of Twitter employees have access to critical company software, giving them access to sensitive personal data while not closely monitored. Apparently, this access allowed employees to make changes to the system. Additionally, Twitter allegedly failed to delete user data when an account was deleted, partly due to the data being hard to locate within the company's network. An unnamed employee has stated that the company recently completed a project that aimed to locate and delete this data.

Other allegations include misleading the FTC about its security practices, senior executives covering up security shortcomings, and even employees involved with foreign intelligence.

One notable claim is that Twitter not only lacks the resources to gauge the number of spambots on the platform but that it also lacks the motivation to remove spam. The company estimates the presence of bots during its quarterly earnings reports. Twitter says that bots make up less than 5% of the company's monetary daily active users (mDAU), a number that's based on an internal review of sample accounts. Twitter followed by saying that it "may not accurately represent the actual number of such accounts, and the actual number of false or spam accounts could be higher than we have estimated."

This has been a point of contention for Elon Musk, who threatened to pull out of his acquisition of the platform until the company could provide a solid figure for spambots. Since the acquisition was first announced, Musk has been outspoken about wanting to remove bots from the platform. Now, Musk and Twitter are locked in a court battle as the latter seeks to keep the deal alive.

On Tuesday, Elon Musk tweeted a response to the allegations that Twitter chose to ignore its spambot problem.

Meanwhile, Twitter's CEO, Parag Agrawal, has denied the claims in a letter apparently sent to employees:

A Twitter spokesperson echoed these sentiments in a statement to Android Central:

"Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko's allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be."

The Verge reports that Congress is currently investigating the claims against Twitter.