Home > India > Peiter Zatko’s SEC complaint breaks down Twitter security flaws
opoyicentral
Opoyi Central

2 years ago .San Francisco, CA, USA

Peiter Zatko’s SEC complaint breaks down Twitter security flaws

  • Peiter Zatko had filed a complaint with the Securities Exchange Commission last month
  • Zatko has said that Twitter has not maintained basic cybersecurity protocols
  • The complaint alleges that Twitter's data centers are outdated

Written by:Rwit
Published: August 24, 2022 06:02:46 San Francisco, CA, USA

Peiter Zatko has been thrust into the limelight after the cybersecurity researcher and the former head of security at Twitter, the company at the centre of a lawsuit against Elon Musk.

“Mudge” as he is sometimes called, had sent a disclosure to Congress and the Securities Exchange Commission last month alleging that Twitter’s cybersecurity was in shambles. In the discloure, accessed by The Washington Post and CNN, Zatko has accused the microblogging site of having gaps in their systems that pose a threat to the personal information of users, company shareholders and even national security and democracy.

The former head of security for the social media company was brought on board late in 2020 after a series of very public hacking incidents led to high profile Twitter accounts being compromised. Hacker’s had hijacked the accounts of prominent people like Joe Biden and Elon Musk. 

Also Read: Musk right about Twitter bot numbers? Whistleblower Peiter Zatko explains

In the complaint to the SEC, Zatko alleges that Twitter lacked the bare minimum requirements for cybersecurity. He said that thousands of employee laptops had access to the Twitter source code and that a third of them blocked automated security fixes, system firewalls were turned off and remote desktop access had been provided for non-approved services. Such is the negligence a Twitter, that Zatko said employees were “repeatedly found
to be intentionally installing spyware on their work computers at the request of external organizations,” according to the complaint.

In addition, over 5,000 of Twitter’s employees had access to internal software which would allow them the ability to tap into sensitive information regarding the company’s code, and even go so far as to change how the site worked. 

Further, Zatko alleges that the company’s 500,000 data centers run on outdated software that does not support basic cybersecurity measures. This in turn has led to an “anomalously high rate” of security incidents. In his complaint, the cybersecurity researcher wrote that of the 40 security incidents in 2020, all of them except two were related to access-control.

Related Articles

ADVERTISEMENT

© Copyright 2023 Opoyi Private Limited. All rights reserved