Twitter’s former security chief accused the company of ‘lying’ to Elon Musk about spam accounts, according to explosive whistleblower complaint sent to regulators
Former Twitter security chief Peiter Zatko has accused the company of “lying” to Elon Musk about spam accounts on its platform, according to a bombshell whistleblower complaint obtained by The Washington Post.
In his complaint, to the Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice, dated July, Zatko widely portrays Twitter’s security practices as inadequate and dangerous.
In a section titled “Lie about bots to Elon Musk,” Zatko, a notorious hacker known as “Mudge,” accuses Twitter of misrepresenting the robustness with which it measures and combats bots and spam accounts.
A Twitter spokesperson told Insider, “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”
The spokesperson added that “Zatko’s allegations and opportunistic timing appear designed to garner attention and harm Twitter, its customers, and its shareholders.”
The spokesperson said Zatko was “fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance.”
They added, “Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
The exact number of bot accounts on Twitter’s platform is an issue at the heart of a legal battle between Musk and Twitter. Musk agreed to buy Twitter for $44 billion in April, but later announced he wanted to walk away from the deal, saying Twitter had not been honest with him about the bots. Twitter is suing Musk in an attempt to force him into the deal at the agreed price.
Zatko’s complaint targets a tweet posted in May by Twitter CEO Parag Agrawal, in which Agrawal said Twitter had a “strong incentive to detect and remove as much spam as possible.”
Zatko’s complaint says, “Agrawal’s tweet was a lie,” adding, “Agrawal knows full well that Twitter executives have no incentive to ‘accurately detect’ or report the total number of spam bots on the platform.”
The complaint says that Twitter executives have an incentive not to count spam accounts as “monetizable active users” (mDAU), a metric Twitter provides to advertisers. However, there is little incentive to detect spam accounts in the large number of accounts that do not count as mDAUS, the complaint states.
“Wilful ignorance was the norm within the management team,” the complaint states.
According to the complaint, Zatko in 2021 asked Twitter’s site integrity officer roughly how many accounts were spam, and was told, “We don’t really know.”
Zatko’s complaint also states that Twitter deployed “simple, mostly outdated, unmonitored scripts and overloaded, inefficient, understaffed and reactive human teams” to detect bots.
The complaint notes that Zatko began preparing its whistleblower disclosures in March 2022, before Musk expressed interest in acquiring Twitter.
Zatko’s attorney told CNN that Zatko had not spoken to Musk and that the timing of the submission had nothing to do with the court case between Musk and Twitter.