Whistleblower: Twitter has no control over security and fake accounts

Twitter doesn't have its security in order, and the company's leadership has no idea how many fake accounts the social media platform hosts. The company also misled regulators. That's what Twitter's former head of security Peter Zatko says in an 84-page complaint he sent to the U.S. Congress and regulators.

According to the whistleblower, the company considered growth more important than fighting spam from fake accounts. With growth, executives were able to rake in millions in bonuses. No bonuses were offered for reducing spam.

Zatko built a reputation in the hacker world under the alias Mudge. In 2020, he joined Twitter, where he was fired in January this year. Twitter says this was because he performed poorly; Zatko says it came after he tried to warn management of security risks and help the company eliminate technical shortcomings.

For example, the company allegedly has years-old servers in use and works with vulnerable software. Thousands of employees could also access crucial business software easily and without a trace. According to Zatko, that did not change after it came out in 2020 that accounts of Elon Musk, Bill Gates, Barack Obama and tech companies such as Uber and Apple had been used for bitcoin scams.

Elon Musk

The whistleblower's complaint comes out at a time when Twitter has to defend itself against a lawsuit by businessman and Tesla billionaire Elon Musk. He withdrew from a takeover agreement with Twitter worth $44 billion in July.

According to Musk, Twitter refuses to say how the company calculated the number of fake accounts active on the platform. The lawsuit is due on 17 October. Musk's legal team has already sued Zatko, presumably to hear him as a witness.


A Twitter spokesperson tells The Washington Post that security and privacy have been among the top priorities company-wide for years. Zatko's accusations are said to be full of carelessness. He is said to be out to harm Twitter, its customers and shareholders.

According to the spokesperson, the security of the network has improved significantly since the large-scale hack of 2020. The company is also said to delete one million fake accounts per day.

Recipe for Disaster

The complaint that Zatko sent to government agencies was leaked to US media. A Republican senator summed up his national security concerns for CNN: "Take a tech platform that collects a gigantic amount of data from users, combine that with what appears to be an incredibly weak security system, and add countries with malicious intent to that: then you have the recipe for disaster."

The platform has 238 million users per day, including heads of state and other influential individuals and institutions.