Peiter Zatko, Twitter's former security head, poses for a portrait on Aug. 22 in Washington, D.C. Zatko accused the company of ignoring major security vulnerabilities in an explosive whistleblower complaint.

Peiter Zatko, Twitter's former security head, poses for a portrait on Aug. 22 in Washington, D.C. Zatko accused the company of ignoring major security vulnerabilities in an explosive whistleblower complaint. / The Washington Post via Getty Images

Updated August 23, 2022 at 5:19 PM ET

Peiter Zatko, who until January served as Twitter's security head, has filed an explosive whistleblower complaint, alleging the company ignored major security vulnerabilities and misrepresented the number of "bots," or fake accounts, on the platform.

Zatko, who's also a well-known former hacker known as "Mudge," filed the complaint last month with the Securities and Exchange Commission and the Federal Trade Commission. The complaint was first reported by The Washington Post and CNN.

Zatko claims Twitter executives ignored multiple security vulnerabilities, including failing to follow basic conventions like properly safeguarding staff access to core software, promptly deleting closed accounts, and updating security software on company laptops and servers.

The whistleblower also accuses Twitter of misleading federal regulators about its progress toward tightening up the privacy and security of its users' accounts after a major hack.

The complaint adds that Twitter's policy toward fake accounts incentivized "deliberate ignorance" by undercounting spam accounts and providing bonuses to executives for growing the number of users on the platform, but not sniffing out bots.

Twitter's security vulnerabilities makes the platform vulnerable to foreign spies, hacking and disinformation campaigns, Zatko further alleges.

Elon Musk attends The 2022 Met Gala at The Metropolitan Museum of Art in New York City on May 2. A whistleblower complaint against Twitter comes as the company is in the midst of a legal battle with Musk.

Elon Musk attends The 2022 Met Gala at The Metropolitan Museum of Art in New York City on May 2. A whistleblower complaint against Twitter comes as the company is in the midst of a legal battle with Musk. / Getty Images for The Met Museum/Vogue

The claims come as Twitter battles Elon Musk

The complaint comes at a sensitive time for Twitter, which is preparing for a high-profile legal battle to compel billionaire Elon Musk to buy the company after he agreed to a $44 billion purchase deal.

But Musk is now looking to back out of the deal, arguing primarily that Twitter wasn't forthcoming about the number of bots and spam among daily active users on its platform – which the social media company has strongly denied.

The dispute between Twitter and Musk is scheduled to go to trial on Oct. 17.

Zatko was hired as Twitter's security head in 2020 by former CEO Jack Dorsey after teenage hackers took over high-profile verified accounts, including those belonging to former President Obama, then-presidential candidate Joe Biden, and Musk.

Twitter, in a statement, said Zatko's complaints are "riddled with inconsistencies and inaccuracies" and said he was fired for poor performance in January. It added the complaint was "opportunistic" and "designed to capture attention and inflict harm on Twitter, its customers and its shareholders."

Zatko said he tried to warn Twitter's risk committee in January that executives were ignoring security flaws, but was fired by CEO Parag Agrawal two weeks later.

Copyright 2022 NPR. To see more, visit https://www.npr.org.

Tags: Peiter Zatko  Mudge  Whistleblower  bots  Elon Musk  cybersecurity  Twitter