Former Twitter security head turned whistleblower and claimed that the firm deceived users and US regulators about security vulnerabilities.
Peiter Zatko also asserted that Twitter overestimated the number of spam and false accounts on its site.
The allegations could have an impact on the court dispute between Twitter and billionaire Elon Musk, who is attempting to rescind his $44 billion (£37 billion) plan to acquire the firm.
Twitter asserts that Mr. Zatko’s accusations are false and inconsistent.
According to the report, he was fired in January due to insufficient leadership and poor performance.
In his devastating revelations, which were first reported by CNN and The Washington Post, Mr. Zatko accused Twitter of failing to maintain strong security standards and “lying to Elon Musk about bots.”
In July, he filed a formal complaint with the Securities and Exchange Commission.
In it, Mr. Zatko criticizes Twitter’s handling of sensitive information and asserts that the company failed to appropriately report some of these incidents to US regulators.
Barack Obama, Joe Biden, and Kanye West have all been targeted in high-profile Twitter hacking incidents.
Among his worries, Mr. Zatko asserts that Twitter saw an atypically high rate of security issues – “roughly one security incident per week that was severe enough that Twitter was obligated to report it to regulators.”
According to him, so-called insider threats, which are security concerns posed by hostile employees, were “essentially unmonitored.”
The former head of security expressed worry regarding Twitter’s data management, claiming that too many staff had access to important systems and user data.
He was concerned that the corporation lacked a viable disaster recovery plan and alleged that in the past, Twitter has failed to remove the data of canceled accounts.
Regarding false and spam accounts, he claimed that “deliberate ignorance was the norm” in the digital business, and he accused Twitter management of having little incentive to accurately determine how many exist on the network.
However, according to The Washington Post, he “provides few hard data” to support these claims.
However, Elon Musk’s attorneys have responded to the comments. His legal team is currently attempting to get him out of the agreement by saying that Twitter has no way of confirming how many of its 229 million daily active users are human.
Following the release of Mr. Zatko’s disclosures, Mr. Musk tweeted screenshots of The Washington Post’s article and a graphic with the phrase “give a small whistle.”
The attorney for Mr. Zatko told CNN that his client initiated the whistleblower process before the takeover proposal was made public and had no interaction with Elon Musk.
Alex Spiro, one of Elon Musk’s attorneys, informed CNN that Mr. Zatko was subpoenaed as a possible witness.
Peiter Zatko is well-known in computer security circles as a former hacker.
He was a member of the computer security think tank L0pht (pronounced “loft”) and participated in 1998 congressional cyber-security hearings.
He has previously held executive positions at Google and the United States Department of Defense’s research and development organization, DARPA.
A Twitter representative said: “What we’ve seen thus far is a false narrative about Twitter and our privacy and data-security standards, which is rife with inconsistencies and falsehoods and lacks crucial context.
“Mr. Zatko’s charges and opportunistic timing look calculated to attract attention and cause damage to Twitter, its consumers, and its stockholders.
Security and privacy have been and will continue to be company-wide objectives at Twitter.
John Tye, from Whistleblower Aid, which is assisting Pieter Zatko, referred to him as a “hero” and urged agencies to investigate the charges as soon as possible.
