Twitter’s security woes are far from over.
A new Twitter whistleblower alleged in a complaint filed in October that the platform failed to fix security issues, even after promising to do so after a major breach in 2020. This year, teenagers hacked the accounts of politicians, celebrities and other high-profile figures, including former President Barack Obama and tech billionaire Elon Musk, to spread a cryptocurrency scam. Twitter said publicly in a blog post that it restricted access to its internal systems and tools while it investigated the attack.
The whistleblower, a former Twitter engineer, is concerned about an internal program that allows employees to tweet under any account. A Twitter employee estimated that approximately 4,000 employees had access to this program, once known as “GodMode.” The program’s existence shows that Twitter’s “public statements to users and investors are false and/or misleading,” the anonymous whistleblower said in the 24-page complaint. The nonprofit law firm Whistleblower Aid filed the complaint with the Federal Trade Commission and the US Department of Justice.
“Our client has a reasonable belief that the evidence in this disclosure demonstrates legal violations by Twitter,” the complaint said.
The Washington Post, which interviewed the whistleblower, previously reported the allegations. The former Twitter employee, who requested anonymity because of harassment and safety concerns, told The Post that Twitter created the “GodMode” program so employees could tweet about certain advertisers. Twitter engineers renamed the program “privileged mode” after internal backlash, the whistleblower told The Post. The whistleblower reportedly told Congress and the FTC that Twitter engineers still have access to this program today. Twitter did not respond to a request for comment.
The whistleblower also filed another complaint in September with the Federal Trade Commission and the US Department of Justice, raising similar concerns about the extent of employee access to Twitter accounts. In that complaint, another Twitter engineer told the whistleblower that they discovered in 2020 that workers could tweet as any account and raised the same concern two years later.
A congressional official shared the September and October complaints with CNET.
The latest allegations could prompt more scrutiny from lawmakers and regulators during a chaotic period for Twitter. Before Musk struck a deal to buy Twitter for $44 billion last year, Twitter’s former security chief Peter “Mudge” Zatko outlined several security issues at the company, including allegations that employees had too much access to user data. Twitter fired Zatko, who joined the company after the security breach in 2020. In the complaint, Zatko accused Twitter of violating an 11-year settlement with the FTC. Twitter said Zatko’s allegations were “full of inconsistencies and inaccuracies and lack important context.” Whistleblower Aid also represents Zatko.
Since Musk’s takeover, the company has cut half its workforce, disbanded its Trust and Safety Council and made other drastic changes that have raised questions about how well Twitter will be able to deal with security and content moderation issues. Twitter users also complain that an additional level of account protection known as two-factor authentication is not working properly.
The Federal Trade Commission declined to comment on the latest whistleblower complaint. The whistleblower also met with the Senate Judiciary Committee and the House Energy and Commerce Committee, The Post reported.
On Wednesday, Representative Jan Schakowsky, D-Illinois, said in a statement that the latest whistleblower allegations “highlight that technology companies routinely fail to protect the security and privacy of user data.” She urged Congress and regulators to pass legislation to help protect consumer data.
“I am particularly concerned about Twitter user data, as well as the potential impact of Elon Musk’s debts to foreign powers,” she said in the statement. “Musk’s leadership has been tumultuous.”
Kyle Gardiner, associate counsel for Whistleblower Aid, said in a statement that whistleblowers play a “vital role in exposing what big tech companies have managed to hide from the public and regulators for too long.”
“As these whistleblowers become more numerous and influential, our hope is that big tech companies realize that transparency and accountability is a better way to operate than breaking the law and putting users at risk,” said Gardiner.