Whistleblower claims Twitter misled regulators about spam accounts and buried ‘egregious deficiencies’

By Nickie Louise

On July 8, Tesla CEO Elon Musk announced he was backing out of the deal to buy Twitter for $4 billion over fake accounts and spam bots. In a letter to the Securities and Exchange Commission (SEC), Elon Musk said he’s seeking to end the $44 billion deal, citing a lack of sufficient information on fake accounts and spam bots. It turns out there’s more to the story and Musk might be right.

In an explosive whistleblower complaint published by The Washington Post, former Twitter security chief Peiter ‘Mudge’ Zatko alleges that Twitter buried ‘egregious deficiencies’ and misled regulators about lax security and bot and spam accounts.

Zatko claimed that the social media company misled federal regulators about the spam and bot accounts, according to complaints filed with the SEC, Federal Trade Commission, and Department of Justice, The Post reported.

The complaints were filed by nonprofit law firm Whistleblower Aid, which is representing Twitter’s former head of security Peiter “Mudge” Zatko. In the complaint with the SEC, Zatko alleged that he “witnessed senior executive engaging in deceitful and/or misleading communications affecting Board members, users and shareholders” on multiple occasions in 2021, during which CEO Parag Agrawal asked Zatko to provide false and misleading documents.

CNN also reported that Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to, citing Zatko’s complaints. A lawyer representing Zatko said the former Twitter employee has had no contact with Elon Musk, who in July said he was withdrawing his $44 billion bid to acquire the company.

“We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other key employees curious in light of what we have been finding,” Musk attorney Alex Spiro of Quinn Emanuel told media outlets.

Zatko alleges that a tweet by CEO Agrawal on May 16, which said the company is “strongly incentivized to detect and remove as much spam as we possibly can, every single day” was “a lie.” He said Twitter executives are not incentivized to detect bots and “senior management had no appetite to properly measure the prevalence of bot accounts” because “if accurate measurements ever became public, it would harm the image and valuation of the company.”

Zatko further alleged that Twitter didn’t have proper security controls in place. According to The Washington Post, about 7,000 Twitter employees had “wide access to the company’s internal software, and that access was not closely monitored.”

In a statement, Twitter said Zatko was fired in January “for ineffective leadership and poor performance.”

“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” a Twitter spokesperson told CNBC. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Meanwhile, an analysis conducted by Israeli cybersecurity company CHEQ back in May found that 12% of all traffic originating from Twitter is made up of bots. “Up to 12% of all traffic originating from Twitter is made up of bots.” CHEQ found that 11.71% of all website visits originating from Twitter were by bots or fake users.

In a May 17 tweet, Musk said that “20% fake/spam accounts, while 4 times what Twitter claims, could be much higher. My offer was based on Twitter’s SEC filings being accurate.”