
Twitter whistleblower could lead to Big Tech crackdown

The bombshell allegations by Twitter’s former head of cybersecurity who accused the company of being lax with user data — and lying to the feds about it — could give regulators an opening to crack down on large tech firms, experts told The Post.

Peiter “Mudge” Zatko, a famed hacker who was hired by then-CEO Jack Dorsey to overhaul Twitter’s porous cybersecurity infrastructure two years ago, told the Securities and Exchange Commission that he was fired after company executives told him to downplay his safety concerns.

Zatko alleged that Twitter executives also allowed low- and mid-level employees to gain access to sensitive controls — making the system vulnerable to potential espionage.

Zatko’s allegations were first reported by The Washington Post and CNN.

Industry analysts told The Post that Zatko’s claims appear to have merit and that he deserves credit for coming forward.

“The whistleblower is doing the right thing here,” Bryan Hornung, the CEO and founder of Xact IT Solutions, told The Post.

Photo caption: Peiter “Mudge” Zatko, Twitter’s former head of security, said he was fired by the company after he expressed his concerns with the board of directors. (The Washington Post via Getty Images)

“Everything Zatko points out is exactly why companies get hacked at the level they do today.”

Hornung said that it is common for American companies to overlook the importance of cybersecurity. Those who do are playing with fire.

“Businesses big and small think it will never happen to them,” he said.

“CEOs like to gamble with their data security and, ultimately, their business.”

Cybersecurity experts and legal analysts told The Post that Zatko’s claims will likely prompt more intense regulatory scrutiny of Twitter.

Prof. Steve Stransky, a business litigation expert who teaches at Case Western Reserve University in Cleveland, told The Post that the Federal Trade Commission could find Twitter in violation of its consent decree obligations — again.

Photo caption: Zatko is a well-known hacker who testified before Congress in 1998. He has also worked for the federal government as well as other tech companies. (CQ-Roll Call, Inc. via Getty Images)

Earlier this year, Twitter was ordered to pay a $150 million fine and to install new safeguards after the company was found to have violated a 2011 agreement with the FTC to protect user data.

Twitter “could face new scrutiny from various state regulatory authorities who may view Zatko’s allegations as evidence that Twitter is violating the representations it has affirmatively made to its consumers with respect to how it collects, uses, and safeguards consumer data,” Stransky told The Post.

Photo caption: Zatko alleges that Twitter’s lax cybersecurity infrastructure makes it vulnerable to espionage. (The Washington Post via Getty Images)

“In recent years, we have seen state regulatory authorities more willing to investigate social media companies over consumer protection issues, and Zatko’s allegations may be a catalyst for further investigation in this area.”

Aron Solomon, the chief legal analyst for the digital marketing firm Esquire Digital, thinks that Zatko could give government regulators a pretext to impose restrictions on Twitter as well as other powerful tech companies.

“The danger here for Twitter is real,” Solomon said.

“There is a potential for fines, but the greatest risk is that Twitter themselves could be empowering legislators looking for reasons to create new laws to limit what Big Tech (particularly social media companies) can and can’t do.”

New government regulations could potentially be a nightmare for large tech firms since they may “strike right at the social media companies’ business model because an overly-regulated platform is far more difficult to monetize.”

Zatko was critical of his former boss, Twitter CEO Parag Agrawal, particularly over his allegedly lax attitude towards securing user data and the proliferation of bots and spam accounts.

Photo caption: Zatko was praised by experts for coming forward with claims that many believe have merit. (Dept. of Defense)

Art Shaikh, the founder and CEO of Chicago-based software company CircleIt, says spam and bot accounts — a major bone of contention between Twitter and Elon Musk — are prevalent throughout social media.

Tech firms have financial incentive to maximize user engagement, although spam and bots are also created “for more nefarious reasons, such as scamming people,” according to Shaikh.

“Agrawal is a fine CEO,” Shaikh told The Post.

“However, this is a problem throughout the social media landscape, so it is unfair to single him out.”

Shaikh thinks Twitter could land in even more hot water over Zatko’s claims that the company is a prime target for foreign spies due to its lack of a stringent security apparatus.

Earlier this month, Ahmad Abouammo, a former Twitter manager who holds dual US-Lebanese citizenship, was convicted of acting as an agent of Saudi Arabia, according to CNN.

Abouammo was accused of accepting Saudi money in order to provide the government in Riyadh with information about Twitter accounts belonging to Saudi dissidents and critics of the regime.

Zatko also alleges that the government of India forced Twitter to put one of its agents on the company payroll — this at a time when the authorities in New Delhi have been accused of curbing civil liberties and public protests.

“[T]here could be national security implications,” Shaikh said.

“It is appalling to me, as someone that has been advocating for security and data privacy and has built my company with those principles at their core, that any company could be flippant toward these issues.”
