How a 51-year-old celebrity hacker upended one of the world’s most influential social networks

By Sean Lyngaas and Clare Duffy, CNN Business

When Peiter Zatko joined Twitter as head of security in late 2020 at the urging of founder and then-CEO Jack Dorsey, he was surprised by what he discovered. Twitter, a social network with hundreds of millions of users, “was over a decade behind industry security standards,” he later testified.

Barely a year later, Zatko was agitating for Twitter’s top executives to address what he described as “a ticking bomb of security vulnerabilities” and to provide a full accounting of its shortcomings to its board.

His concerns, raised privately at first and later in a whistleblower disclosure that became public, would upend one of the world’s most influential social networks and raise new questions about its pending acquisition by the world’s richest man, Elon Musk. It would also, he later testified, put his career and his family at risk.

In his disclosure filed with various US government agencies in July, Zatko alleged that Twitter trusted far too many employees with access to sensitive user data, creating a fragile security posture that an outsider could exploit to wreak havoc on the platform. The disclosure also claimed that one or more current Twitter employees may be working for a foreign intelligence service, potentially threatening user data and US national security, and that Twitter CEO Parag Agrawal misled the company’s board of directors by discouraging Zatko from providing a full account of Twitter’s security weaknesses. (Twitter has criticized Zatko and broadly defended itself against the allegations.)

“Given the real harm to users and national security, I determined it was necessary to take on the personal and professional risk to myself and to my family of becoming a whistleblower,” Zatko, better known as “Mudge” in cybersecurity circles and highly regarded in that community, said during a Senate hearing on his disclosure in September. “I did not make my whistleblower disclosure out of spite or to harm Twitter, far from that, I continue to believe in the mission of the company and root for its success.”

Since going public with his concerns, Zatko, who has held numerous posts in…