Twitter's former security chief has accused the company of 'lying' to Elon Musk about spam accounts, according to an explosive whistleblower complaint sent to regulators

  • Ex-Twitter security chief Peiter Zatko has filed a series of whistleblower complaints to regulators.
  • The complaints, published Tuesday by The Washington Post, accuse Twitter of security malpractice.

Former Twitter security chief Peiter Zatko has accused the company of "lying" to Elon Musk about spam accounts on its platform, according to an explosive whistleblower complaint obtained by The Washington Post.

In his complaint, addressed to the Securities and Exchange Commission, Federal Trade Commission, and Department of Justice, dated July, Zatko broadly paints Twitter's security practices as inadequate and dangerous.

In a section entitled "Lying about Bots to Elon Musk," Zatko, a famous hacker known as "Mudge," accuses Twitter of misrepresenting how robustly it measures and combats bots and spam accounts.

A Twitter spokesperson told Insider: "What we've seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context."

The spokesperson added that Zatko's "allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders."

The spokesperson said Zatko was "fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance."

They added: "Security and privacy have long been company-wide priorities at Twitter and will continue to be."

Zatko's complaint is one of three whistleblower documents published Tuesday by The Post. CNN also published details from the complaints Tuesday.

Exactly how many bot accounts are on Twitter's platform is an issue at the heart of a legal battle between Musk and Twitter. Musk agreed to buy Twitter for $44 billion in April but later announced he wanted to abandon the deal, saying Twitter had not been honest with him about bots. Twitter is suing Musk to try to force him to go through with the deal at the agreed price.

Zatko's complaint takes aim at a tweet posted in May by Twitter CEO Parag Agrawal, in which Agrawal said Twitter was "strongly incentivised to detect and remove as much spam as we possibly can."

Zatko's complaint says: "Agrawal's tweet was a lie," adding: "Agrawal knows very well that Twitter executives are not incentivised to accurately 'detect' or report total spam bots on the platform."

The complaint says that Twitter executives are incentivised not to count spam accounts as "monetizable active users" (mDAUs), a metric Twitter provides to advertisers. However, there is little incentive to detect spam accounts in the huge numbers of accounts that do not count as mDAUs, the complaint says.

"Deliberate ignorance was the norm among the executive leadership team," the complaint says.

According to the complaint, Zatko in 2021 asked Twitter's head of site integrity roughly how many accounts were spam, and was told: "We don't really know."

Zatko's complaint also says Twitter deployed "mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams" to detect bots.

The complaint notes that Zatko started preparing his whistleblower disclosures in March 2022, before Musk signalled interest in acquiring Twitter.

Zatko's lawyer told CNN that Zatko has not been talking to Musk, and the timing of the submission had nothing to do with the legal case between Musk and Twitter.
