According to news reports, including the Washington Post, Peiter Zatko, Twitter’s former head of security, has filed a whistleblower complaint with the Securities & Exchange Commission, which says the company has misled regulators about its security measures. He alleges the company violated its agreed terms when it settled a suit with the FTC back in 2011. Twitter, he says, has “extreme, egregious deficiencies” when it comes to defending the website against attackers.
Twitter had agreed to implement and monitor security safeguards to protect its users. Zatko says half of Twitter’s servers are running out-of-date and vulnerable software and that thousands of employees still have wide-ranging internal access to core company software, a level of access that had previously led to breaches.
He also alleged that security should be a bigger concern for the company, as it has access to the email addresses and phone numbers of numerous public figures, including dissidents and activists whose lives may be in danger if they are doxxed. Zatko is being represented by Whistleblower Aid, a non-profit firm in Washington, D.C.