The Securities and Exchange Commission (SEC) is reportedly conducting an investigation into Twitter’s handling of a security flaw that occurred in 2018, exposing users’ personal information. This bug allowed individuals to access email addresses when resetting passwords, potentially compromising user identities. The SEC’s inquiry is focused on whether Twitter’s leadership at the time adequately disclosed the issue to shareholders and implemented necessary safeguards.
The security flaw drew renewed attention when Elon Musk attempted to withdraw from his commitment to acquire Twitter. Musk highlighted the company’s history of operational challenges and alleged inadequate protection of user data over the past five years. During this time, Peiter “Mudge” Zatko, Twitter’s former head of security, submitted a whistleblower complaint to the SEC, Department of Justice, and Federal Trade Commission. Zatko alleged that Twitter had “extreme, egregious deficiencies” in safeguarding the platform against attacks.
Zatko further accused Twitter of violating an agreement made with the FTC in 2011 to settle a prior privacy case. Notably, Twitter agreed to pay $150 million in 2021 to resolve FTC charges of misusing user phone numbers and email addresses for targeted advertising. Jack Dorsey served as Twitter’s CEO at the time of the security flaw being investigated by the SEC, while Parag Agrawal was the Chief Technology Officer. As of now, no wrongdoing has been attributed to Twitter’s executives from that period, and it remains unclear when the SEC’s investigation will conclude or if enforcement action will be taken.
In a separate case that focuses on Musk’s delayed disclosure of purchasing over five percent of Twitter’s stock in early 2022, the SEC has also sued him for refusing to testify.