Image source: CBC
News broke on Tuesday that a former Twitter executive had spoken out against the company, prompting a meeting with employees on Wednesday.
Twitter CEO Parag Agrawal opened the company-wide meeting, dismissing claims by former security chief Peiter “Mudge” Zatko.
The whistleblower disclosure alleges that the company’s security practices are so poor that they pose a threat to national security and democracy.
Zatko also claims that the company’s management teams attempted to cover up security practices.
Agrawal said a “false narrative” created via Twitter is “currently challenging our integrity”.
“I know that can be frustrating,” said Agrawal. “I know it can be challenging.”
Peiter Zatko claimed that the company had underestimated the number of fake accounts and active spam on the platform.
His allegations could delay the legal battle between Twitter and Elon Musk, who is currently trying to cancel his $44 billion deal to buy the company.
Zatko also criticized Twitter’s handling of sensitive information, saying it failed to properly report some of the issues to US regulators.
A Twitter spokesperson revealed that the meeting was part of its regular company-wide meetings – it was scheduled before the news broke on Twitter.
The company denied Zatko’s allegations. Twitter said Zatko’s whistleblower disclosure was “riddled with inconsistencies and inaccuracies and lacks important context.”
They also revealed that Zatko was removed from his position due to ineffective leadership and poor performance.
Meanwhile, Zatko claims he was fired for raising internal alarms about Twitter’s security practices.
During the meeting, Twitter’s general counsel, Sean Edgett, said the company contacted regulators and various authorities around the world after learning of Zatko’s allegations.
Senator Richard Blumenthal has asked the Federal Trade Commission to investigate Zatko’s allegations.
The Irish Data Protection Commission, the company’s main regulator in Europe, said it was seeking information from Twitter amid the allegations.
Rebecca Hahn, Twitter’s head of global communications, said there are many reasons the company was unable to address the allegations, possibly citing the ongoing legal dispute between Twitter and Elon Musk.
Joining the company over a month ago, Hahn said she was inspired by the “level of ethics, passion and care” on Twitter.
Hahn reassured colleagues about the company’s public response.
“The truth will get out there,” said Hahn. “We’re always on the right side of history on this.”
During the conversation, not all of Zatko’s claims were addressed and Chief Privacy Officer Damien Kieran said the allegations were incorrect, listing the steps Twitter was taking to protect laptops and other infrastructure from hacking.
“The idea that the number of incidents that our detection and response team investigates is some indicator of bad or negative impact at Twitter is just false,” Kieran reassured employees.
Twitter and Peiter Zatko have different definitions of what constitutes a security incident.
Zatko’s disclosure defines an incident as anything “significant enough to cause a work disruption” and distracts staff from determining the extent of the problem.
Meanwhile, Kieran’s definition is broader and more benign, describing security incidents as any suspicious digital activity investigated by Twitter’s security team.
According to Keiran, after the 2020 hack that compromised celebrity accounts, Twitter implemented tighter security controls to ensure the same attack never happened again.
Security measures include requiring employees to use “two-factor authentication” or adding an extra layer of security when accessing computer applications.
Twitter whistleblower raises security concerns
Twitter executives face question from employees after whistleblower claims