Twitter Inc misled federal regulators about its defenses against hackers and spam accounts, CNN and the Washington Post reported on Tuesday, citing whistleblower disclosures by the social media company’s former security chief Peiter Zatko.
In an 84-page complaint, Zatko, a famed hacker more widely known as “Mudge”, alleged Twitter falsely claimed it had a solid security plan and said he had warned colleagues that half the company’s servers were running out-of-date and vulnerable software, according to the reports.
The whistleblower filing comes as the social media company is embroiled in a legal battle with Tesla Inc Chief Executive Elon Musk after the world’s richest person said in July he was ending an agreement to buy the company in a $44 billion deal alleging it had violated the deal contract.
Musk has accused Twitter of hiding information about how it calculates the percentage of bots on the service. A trial is scheduled for October 17.
The complaint by Zatko was filed last month with the U.S. Securities and Exchange Commission and the Department of Justice, as well as the Federal Trade Commission (FTC), according to the Washington Post. The complaint was also sent to congressional committees.
“We are reviewing the redacted claims that have been published but what we have seen so far is a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context,” Twitter Chief Executive Parag Agrawal told employees, a CNN reporter tweeted, citing a memo.
Twitter’s shares fell 4% to $41.40.
The FTC declined to comment. A spokesperson for the Senate Intelligence Committee said it had received the complaint and was in the process of setting up a meeting to discuss the allegation. “We take this matter seriously.”
The whistleblower document alleges Twitter prioritized user growth over reducing spam, the paper reported. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, as per the complaint, and nothing explicitly for cutting spam.
Whistleblower Aid, which represents Zatko, said he stands by everything in his disclosure. It also confirmed the authenticity of the disclosure as published on the Washington Post website.
Twitter executives don’t have the resources to fully understand the true number of bots on the platform, CNN reported, citing the complaint.
Musk’s legal team has subpoenaed Zatko, CNN reported after the whistleblower disclosure was made public.
In January, Twitter said Zatko was no longer its head of security, two years after being appointed to the role.
A Twitter spokesperson said on Tuesday that Zatko was fired for “ineffective leadership and poor performance”.
John Tye, founder of Whistleblower Aid and Zatko’s lawyer, said Zatko has not been in contact with Musk and began the whistleblower process before there was any indication of the Silicon Valley billionaire’s involvement with Twitter, according to CNN.