Washington Post, Zatko accused Twitter of numerous severe security lapses and claimed that the executive team frequently misled government regulators and its own board of directors about the extent of vulnerabilities on the platform. The filing also claims that the company violated a privacy agreement made with the FTC that required it to delete the data of any users who decided to cancel their Twitter accounts, and that the company intentionally manipulated data on the number of bot accounts on the platform.

In a response provided to CNN — language from which was echoed in an email sent by Agrawal to Twitter staff — a Twitter spokesperson said that Zatko’s allegations were “riddled with inconsistencies and inaccuracies” and seemed “designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”
But Twitter’s fierce pushback against Zatko’s criticism prompted a backlash from many leading voices in the field, who spoke out to endorse the security expert’s credentials and track record. Alec Muffett, an internet security expert and software engineer who worked on Twitter’s efforts to launch a Tor service, told The Verge that he had known Zatko for decades and trusted the claims made in the SEC disclosure.

“I’ve known Mudge since the mid 1990s when he — and the other members of the L0pht — were capable and scrappy hackers,” Muffett said. “He demonstrated enormous creativity and drive towards improvement of internet security overall … I have no hesitation about supporting his observations as being both highly credible and concerning.”
Zatko first gained prominence as part of the L0pht, a Boston-based hacker collective known as an influential computer security research group in the 1990s. Notably, while the L0pht released software, the group also advised on policy, even giving testimony before the Senate on internet security in 1998. In his earlier hacking days, Zatko was also a member of the notorious hacker group Cult of the Dead Cow, which also counted former presidential candidate (and current Texas gubernatorial candidate) Beto O’Rourke as a member.

As his profile grew, Zatko took on roles with the Defense Advanced Research Projects Agency (DARPA) and Google’s Advanced Technologies and Projects research group. He was hired by Twitter in 2020, in the months after a major security incident that saw hackers take over some of the platform’s most-followed celebrity accounts. But he stayed only just over a year before being fired by incoming CEO Agrawal in January 2022.

One of Zatko’s specific claims — that too many employees are given access to critical software within the company — seemed to be supported by details shared by Al Sutton, a former software engineer at Twitter. In a tweet, Sutton said that he was still able to commit code in the employee group of Twitter’s open-source software repositories on the code hosting website GitHub, despite having left the company 18 months ago.