In the disclosure, Zatko alleged that the company had serious security and privacy vulnerabilities that could harm US users, investors and national security. He also alleged that Twitter executives had misled regulators and even the company’s own board about its shortcomings.

Twitter (TWTR) has criticized Zatko and has widely defended himself against the allegations, saying the disclosures paint a “false narrative” of the company and are “filled with inconsistencies and inaccuracies.” Zatko was fired from Twitter in January for what a company spokesman said was “ineffective leadership and poor performance.”

The sheer number of sharp reactions to Zatko’s disclosures from lawmakers, regulators and cybersecurity industry experts, not to mention Musk’s lawyers, raises the prospect that the claims could have significant and long-lasting implications for social media companies. Worse, it comes at a time when Twitter has been grappling with uncertainty among employees, shareholders and advertisers of its pending deal with Musk.

The disclosure – which totals about 200 pages, including supporting exhibits – was sent last month to several US government agencies and congressional committees, including the Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice. CNN obtained a copy of the disclosure from a senior Democratic aide on Capitol Hill. The SEC, DOJ and FTC declined to comment.

Twitter shares fell 7% on Tuesday following news of the disclosure. Shares of the company have already suffered amid Musk’s bid to exit a $44 billion deal to acquire the platform, and are now trading at more than half of their near-$80 all-time high last February.

The following are the immediate effects after reporting the disclosure:

MPs and regulators start asking questions

On Wednesday, the day after the disclosures were first reported by CNN and The Washington Post, the Senate Judiciary Committee announced it would hold a trial with Zatko to discuss his allegations of security failures and misleading statements by Twitter executives.

The hearing is scheduled for September 13, which happens to be the same day Twitter shareholders will vote on whether to approve Musk’s $44 billion takeover deal.

How Twitter security affects your security

“Mr Zatko’s allegations of widespread security failures and interference by foreign state actors on Twitter raise serious concerns,” said Senators Dick Durbin and Chuck Grassley, the committee chair and Republican rankings, respectively. “If these claims are accurate, they may represent a dangerous data privacy and security risk for Twitter users around the world.”

Other US lawmakers have also weighed in on the matter.

The Senate Intelligence Committee, which received a copy of the report, took the disclosure seriously and held a meeting to discuss the allegations, according to Rachel Cohen, a spokeswoman for the committee. Senator Richard Blumenthal, who heads the Senate subcommittee on consumer protection, wrote to the FTC on Tuesday asking the agency to investigate the claims, and impose fines and individual liability on certain Twitter executives if the investigation finds them responsible for security lapses. Senator Ron Wyden on Wednesday renewed a call for Twitter to protect its users’ direct messages from prying eyes with secure end-to-end encryption.

Members of the US House Committee on Homeland Security on Thursday sent Twitter CEO Parag Agrawal a letter demanding that he address Zatko’s allegations and explain Twitter’s readiness for the 2022 midterms. And Twitter’s main regulator in Europe, the Irish Data Protection Commission, also said it was looking into information from the company in relation to the allegation.

Implications for the Twitter-Musk Trial

The whistleblower’s disclosure could have major ramifications for Twitter’s fight with Musk over their acquisition deal. But the Tesla CEO has not been uncharacteristically silent in the days since the news broke.

On Tuesday, Musk tweeted a Jiminy Cricket meme (Pinocchio’s conscience in the Disney classic) with the words “give a little whistle,” as well as screenshots of some Washington Post stories discussing Twitter’s process for measuring spam bots. The latter issue has been at the center of Musk’s bid to walk out of the deal. (Twitter has said it supports the publicly reported measurements and accuses Musk of using bots as a pretext to walk out of a deal that buyers now regret.)
Musk's lawyer raises Twitter whistleblower at court hearing on acquisition deal

But while Musk doesn’t have much to say about Zatko, his lawyers are clearly interested in the former Twitter security chief. Musk’s attorney Alex Spiro told CNN Tuesday that the billionaire’s legal team had summoned Zatko in the case even before news of the disclosure was reported.

In Wednesday’s court hearing in the case, Spiro the Zatko several times, in an early preview of how Musk’s side could use the new allegations in its legal battle. Spiro suggested during the trial that the billionaire team did not trust Twitter’s estimates for spam accounts and monetizable daily active users (mDAU), the main metric it provides investors, and said Musk’s team asked for information that would allow them to test the measurements.

“They have an economic incentive to mislead,” Spiro said. “There is a whistleblower complaint that has now been made public speaking of false information being provided.”

In his disclosure, Zatko claimed that Twitter did not have an accurate count of the number of spam and fake bot accounts on its platform and that the company had little incentive to do a full count of those accounts, allegations that could potentially substantiate Musk’s claims. Musk’s lawyer can too trying to snatch on other claims in disclosures not related to bots — including allegations that Twitter made false statements to regulators such as the Federal Trade Commission and the Securities and Exchange Commission about its privacy and security practices — as additional reasons it should be able to leave the deal.

(Zatko told CNN that his disclosures were not related to the acquisition, that he had no personal relationship with Musk and that he began documenting concerns that would become his disclosures before any indication of Musk’s involvement with Twitter.)

Twitter says it allows bots on its platform, such as good bots that tweet news alerts, but its rules prohibit those who engage in spam or platform manipulation. The company says it regularly challenges, suspends and removes accounts involved in spam and platform manipulation, including typically deleting more than a million spam accounts every day. It declined to answer questions from CNN about the total number of accounts on the platform or the total number of new accounts being added each day.

Convince employees

Twitter executives have publicly rejected the allegations, and are trying to stem the internal impact.

Agrawal on Tuesday wrote an internal memo to employees, obtained by CNN, vowing to challenge the allegations in the disclosure and seek to convince employees, calling the allegations “frustrating and confusing to read.”

This situation also appears on a regular, company-wide schedule meeting on Twitter on Wednesday. Agrawal opened the meeting by rejecting the claims made by Zatko, saying a “false narrative” had been created about the company, which “currently challenges our integrity.” Details of the call were shared with CNN by a Twitter employee.

In Wednesday’s meeting, Sean Edgett, Twitter’s general counsel, said the company contacted regulators and “various agencies around the world” when the company learned about the allegations made by Zatko.

On Thursday, Twitter confirmed to CNN that it will combine its team working on preventing toxic content and spam bots to better fight bad actors and increase transparency around its efforts to improve the platform’s health, a first step. reported by Reuters. A spokesperson did not immediately respond to a question whether the reorganization was linked to the disclosure.

By Blanca

Leave a Reply

Your email address will not be published. Required fields are marked *