The former head of security at the company, who has a long history of warning about internet security, came out on Tuesday and accused his former employer of putting users' personal data at incredible risk.
Peiter "Mudge" Zatko, a former hacker and cybersecurity expert, told CNN and Washington Post reporters that half of all employees have access to users' personal data.
Half of the company's full-time employees have access to the same user data as if they were full-time employees, according to the whistleblower. According to interviews with Zatko, a lot of employees have access to the platform's "production environment," which allows them to make changes to the platform itself. The company didn't record who went in or what happened. The former hacker said it was concerning that one of the thousands of employees who may have been sympathetic to the insurrectionists could have attempted to manipulate the platform.
Zatko claims that government agents have been allowed into the company by the social network. According to a report by the Washington Post, Zatko told federal officials and lawmakers that he believed the Indian government was trying to hire an agent on the social networking site. The National Security Division of the Justice Department, along with the Senate Intelligence Committee, received more information from the whistleblower.
The head-spinning allegations from Zatko are in conjunction with a 200-page whistleblower letter sent to multiple federal agencies and lawmakers on Capitol Hill, which is especially concerning considering the upcoming midterm elections. According to the reports, the complaints were sent on July 6.
According to the cover letter to the 200-page document provided to congressional lawmakers, Zatko had worked at the company for more than a year and believed it was in violation of many laws and regulations. After a massive hack in 2020, Zatko was hired by Jack Dorsey, who later left his position to start a new company. According to CNN and WaPo, Zatko was fired in January and sent a letter to the board in February accusing them of having a lot of holes in security.
Zatko claims that Agrawal proposed to him that the company should allow Russia to open their local offices in order to be able to attack dissidents.
We contacted the organization that aided Zatko with his complaints. They confirmed the authenticity of the document shared by the Washington Post despite being precluded from doing so.
CNN reporter Donie O'Sullivan shared a letter that was sent to staff by the CEO of the company, telling them that Zatko's story was false.
The company will defend its integrity and set the record straight.
The email statement said that Mr. Zatko was fired for poor performance. We have seen a false narrative about our privacy and data security practices, which is filled with inconsistencies and inaccurate information. The timing and allegations of Mr. Zatko appear to be designed to hurt the company and its customers. Privacy and security have always been a priority for the company as a whole.
"Mudge stands by everything in his disclosure, and his career of ethical and effective leadership speaks for itself," said John Tye in an email statement sent to Gizmodo. The focus needs to be on the facts in the disclosure.
The allegations of giving employees access to user data come soon after the U.S. convicted a former employee for working on behalf of Saudi Arabia's crown prince. According to the feds, Ahmad Abouammo used his access to send user info on Saudi dissidents to the Saudis. Even though he was a media partnership manager, he still had access to user data.
In 2010, the Federal Trade Commission settled with the social network over allegations that it failed to safeguard user info, and that it allowed hackers to get into the platform twice in a row. The accounts that were hacked were high-profile, such as that of then-President Barack Obama. Zatko said that the company had never been in compliance with the order and that it had suffered security incidents that were serious enough to require disclosure to the government.
It's difficult to keep on the straight and narrow with how you handle user data. In May of this year, it had to pay the FTC $150 million for giving advertisers access to users' phone numbers and email. The company has a poor record with personal information. The first attempts to allow users to send money to each other could cause them to send out their home address.
As a result of Zatko's allegations about bots, the crusade to end Musk's Twitter deal has been intensified. The lawyers for the social media company claimed that Musk's claims of bot overload were not true. Alex Spiro, Musk's lawyer, told reporters that they have issued a subpoena to Mr. Zatko, and that they found his exit and that of other key employees curious.
Zatko's lawyer told CNN that Zatko had not been in contact with Musk and that he had started this process even before Musk first said he wanted to buy the social networking site.