Twitter Concealed Known Security Flaws

US social media giant Twitter has been accused of hiding major security flaws. A whistleblower has spken out to accuse Twitter of consistently lying to customers and government  officials about its attempts to repair its users data security.

While caught up in a legal battle against Elon Musk, Twitter’s former security chief until January of this year has blown the whistle on how the social media platform handles cyber security. 

Former Chief Security Officer, Peiter Zatko, has accused Twitter of severe cyber security mismanagement in a complaint filed to the US Securities and Exchange Commission (SEC) filed on July 6.  Zatko alleges that the company has been hiding the spam and bots problem which began to emerge in the dispute between the social media giant and Elon Musk.

Twitter does not know how many fake, bots or spam automated accounts it has, according to allegations by its former head of security.

Peiter Zatko's is one of the world’s most famous hackers and leading cyber security experts and has now become a whistleblower and submitted a string of allegations of repeated security violations by his former employer Twitter.
Peiter Zatko's revelations, have been seized upon by lawyers for Elon Musk, who is trying to end his bid to buy Twitter, disputing its information on the number of fake accounts it has.

Twitter says Zatko's allegations contain many inaccuracies and inconsistencies and that he was sacked in January for ineffective leadership and poor performance.

Twitter has been in a dispute with Musk since the Tesla and SpaceX CEO’s decided to abandon a deal to purchase the site for $44 billion earlier this year. Musk said he no longer wished to purchase the company, as he could not verify how many humans were on the platform, while Twitter says it estimates that fewer than 5% of its daily active users are bot accounts.

Musk has said the social media company is heavily undercounting the number of spam and bot accounts on its platform as a primary reason he’s backing out. 

According to Zatko, Twitter's management have little incentive to accurately identify or report total spam bots on the platform. In a redacted copy of the SEC filing seen by CBS news, Zatko criticises Twitter's methodology for calculating the number of spam-bots. He claims he was unable to obtain from Twitter an "upper bound" for the number of bots, accusing senior management of having "no appetite to properly measure the prevalence of bots".

  • According to the Washington Post, the complaint "provides little hard evidence" to back up his assertions about bots and spam, although these allegations may be useful to Musk in his legal argument to withdraw from buying Twitter.
  • According to Mr Zatko's lawyer, he started the whistleblowing process before Musk began his  attempts to buy the platform became public, and has made no contact with Musk.
  • Alex Spiro, an attorney for Musk, told CNN it had issued a subpoena for Mr Zatko to be a potential witness. 

Twitter's server infrastructure is another equally serious vulnerability, the SEC filing claims. About half of the company's 500,000 servers run on outdated software that does not support basic security features such as encryption for stored data or regular security updates by vendors.

Washington Post:   BBC:     CNN:    Oodaloop:     FT:   Independent:   Yahoo:    PressTV

You Might Also Read: 

Twitter, Free Speech & Disinformation:

 

« Detect Spoofing Before Your Organisation Suffers Fraud
Healthcare Ransomware Attacks Have Almost Doubled »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

NETAS

NETAS

Netas offers solutions in information and communication technologies including end-to-end value added solutions, system integration and technology services to providers and corporations.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

QuoLab

QuoLab

QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem.

CRI Group

CRI Group

CRI Group excels at deterring, detecting and investigating crimes against businesses using a global network of professionals specially trained in Anti-Corruption, Risk Management and Compliance.

Tetra Defense

Tetra Defense

Tetra Defense is a leading incident response, cyber risk management and digital forensics firm.

National Academy of Cyber Security (NACS)

National Academy of Cyber Security (NACS)

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.

Silence Laboratories

Silence Laboratories

Silence Laboratories is a cybersecurity company that focuses on the fusion of cryptography, sensing, and design to support a seamless authentication experience.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.