According to his disclosure obtained by CNN and The Washington Post, Zatko said that Twitter has “major security problems that pose a threat to its own users’ personal information, to company shareholders, to national security, and to democracy”.
Zatko, who reported directly to the CEO, was fired by Twitter in January this year over “poor performance”.
Last month, he filed a complaint with the US Securities and Exchange Commission (SEC), accusing Twitter of deceiving shareholders and violating an agreement it made with the Federal Trade Commission (FTC) to uphold certain security standards.
In his disclosure as a whistleblower, Zatko alleged that Twitter’s leadership “has misled its own board and government regulators about its security vulnerabilities, including some that could allegedly open the door to foreign spying or manipulation, hacking and disinformation campaigns”.
He also said that Twitter does not “reliably delete users’ data after they cancel their accounts”.
The whistleblower also said Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and were not motivated to.
Tesla CEO Elon Musk has cancelled the $44 billion Twitter takeover deal over the actual presence of bots on the platform.
Zatko’s lawyer told CNN that he has not been in contact with Musk.
An attorney for Musk said that their legal team has already issued a subpoena for Zatko, “and we found his exit and that of other key employees curious in light of what we have been finding”.
Twitter said in a statement that security and privacy are both longtime priorities for the company.
The company said that it “provides clear tools for users to control privacy, and targeting and data sharing”.