Image source: CBC
News surfaced on Tuesday that a former Twitter executive had spoken out against the company, leading to a meeting with employees on Wednesday.
Twitter CEO Parag Agrawal opened the company-wide meeting, dismissing claims from former security chief Peiter “Mudge” Zatko.
The whistleblower disclosure claims that the company’s security practices are so bad that they pose a threat to national security and democracy.
Zatko also claims that the company’s management teams tried to hide security practices.
Agrawal said a “fake story” created via Twitter is “currently challenging our integrity.”
“I know that can be frustrating,” said Agrawal. “I know it can be challenging.”
Peiter Zatko claimed that the company had underestimated the number of fake accounts and active spam on the platform.
His allegations could delay the legal battle between Twitter and Elon Musk, who are currently trying to cancel their $44 billion deal to buy the company.
Zatko also criticized Twitter’s handling of sensitive information, saying it failed to properly report some of the issues to US regulators.
A Twitter spokesperson revealed the meeting was part of its regular company-wide meetings – it was scheduled before the news broke on Twitter.
The company denied Zatko’s allegations. Twitter said Zatko’s whistleblower disclosure was “riddled with inconsistencies and inaccuracies and lacks important context.”
They also revealed that Zatko had been removed from office due to his ineffective leadership and poor performance.
Meanwhile, Zatko claims he was fired for raising the alarm internally about Twitter’s security practices.
Speaking at the meeting, Twitter general counsel Sean Edgett said the company contacted regulators and various authorities around the world after learning of Zatko’s allegations.
Senator Richard Blumenthal asked the Federal Trade Commission to investigate Zatko’s allegations.
The Irish Data Protection Commission, the company’s main regulator in Europe, said it was seeking information from Twitter amid the allegations.
Rebecca Hahn, Twitter’s head of global communications, said there are many reasons the company was unable to address the allegations, possibly citing the ongoing legal dispute between Twitter and Elon Musk.
Hahn joined the company over a month ago and said she was inspired by the “level of ethics, passion and care” on Twitter.
Hahn reassured colleagues about the company’s public response.
“The truth will get out there,” said Hahn. “We’re always on the right side of history on this.”
Not all of Zatko’s claims were addressed during the conversation, and Chief Privacy Officer Damien Kieran said the allegations were false, listing the steps Twitter was taking to protect laptops and other infrastructure from hacking.
“The idea that the number of incidents that our detection and response team investigates is some indicator of bad or negative impact at Twitter is just false,” Kieran reassured employees.
Twitter and Peiter Zatko have different definitions of what a security incident is.
Zatko’s disclosure defines an incident as something “significant enough to cause a work stoppage” and distracts staff from determining the extent of the problem.
Meanwhile, Kieran’s definition is broader and more friendly, and he describes security incidents as any suspicious digital activity under investigation by Twitter’s security team.
According to Keiran, after the 2020 hack that compromised celebrity accounts, Twitter implemented tighter security controls to ensure the same attack never happened again.
Security measures include requiring employees to use “two-factor authentication” or add an extra layer of security when accessing IT applications.
Twitter whistleblower raises security concerns
Twitter executives face question from employees after whistleblower claims