SEC Investigates Twitter Breach Prior to Elon Musk’s Leadership
The Securities and Exchange Commission is currently looking into how Twitter Inc. handled a security breach in 2018 that resulted in the exposure of personal user information. This investigation is specifically focused on whether the previous top executives adequately informed shareholders about the privacy issues and implemented appropriate controls. According to anonymous sources familiar with the matter, the bug on the platform allowed unauthorized individuals to access user email addresses during password resets, thereby revealing user identities.
Executives in charge at the time included former Twitter CFO Ned Segal and former CTO Parag Agrawal, who became CEO in 2021 after co-founder Jack Dorsey left the company. Dorsey served as CEO in 2018.
It’s not clear if surveillance will follow or when it will end, the people said. None of the former managers have been accused of any wrongdoing.
Agrawal and Segal were ousted last year when Musk bought the company for $44 billion. Musk, who changed the platform’s name to X Corp., hired an outside law firm to conduct an internal investigation into complaints about the company’s lax computer security practices after he took over.
The SEC and a spokesman for Segal declined to comment. Spokesmen for X Corp. and Dorsey and Agrawal’s attorney did not respond to requests for comment.
Twitter suffered a number of security breaches in 2018, including the discovery of a computer virus that exposed users’ passwords and a security flaw in Twitter’s system that allowed the country codes of Twitter users’ phone numbers to be identified. This error may have allowed wrongdoers to identify the countries where the accounts were located.
The SEC has been investigating the actions of the players in Musk’s controversial purchase of Twitter for months, after questions arose about the social media company’s management and the billionaire’s efforts to acquire it. The agency sued Musk on Thursday to compel him to testify whether his actions before his Twitter bid violated securities laws. Musk’s lawyer, Alex Spiro, responded to the case by saying that the SEC has already taken his testimony several times in this investigation.
In 2018, security concerns surrounding user data emerged as part of a battle over Musk’s bid to reverse his purchase of the social media platform last year. Musk claimed the company was riddled with operational problems, including a failure to properly protect customer data. The company has suffered more than half a dozen hacks or security issues since 2018.
Peiter Zatko, Twitter’s former chief security officer, warned US authorities of “glaring deficiencies” in the company’s defenses against hackers, according to a lawsuit he filed against the company last year. Zatko, who was fired from Twitter last year, said he was concerned about data breaches and how many computer bots the company was counting on its customer base and co-workers were quitting. Twitter rejected the claims, describing them as a false narrative, and said he was fired for ineffective leadership and poor performance.
Musk cited those concerns when he argued that he should be able to walk away from his $54.20 per share offer, but later agreed to go through with the deal at the original price.
Twitter officials have previously acknowledged that the US Federal Trade Commission and the SEC have contacted them about operational errors and some of Musk’s actions in connection with the purchase. There have been no formal charges or lawsuits filed against Musk or Twitter executives during the acquisition. The company has audited its privacy protections and is bound by the FTC’s consent decree, which requires greater oversight.
Last year, the social media giant agreed to pay $150 million to settle FTC allegations that it misused users’ phone numbers to target advertising in violation of the consent decree. The agency has also looked into the social media giant’s privacy and security practices since Musk took over.
The spat between Musk and Twitter’s former top executives has stretched into the legal fees they have racked up to defend themselves against congressional and other investigations. A Delaware judge last week ordered X officials to pay $1.1 million in legal bills covering Agrawal, Segal and former legal director Vijaya Gadde for their testimony to Congress about using Twitter to interfere with the election.