The Securities and Exchange Commission is reportedly looking into how Twitter (now X) handled a security issue in 2018 that led to users’ personal information being exposed. The bug allowed people to view email addresses when passwords were reset, potentially exposing user identities, according to Bloomberg. The report notes that the SEC has been investigating whether those in charge of the company at the time properly disclosed the flaws to shareholders and put proper controls in place.
Attention was drawn to the flaw last year while Elon Musk was trying to wriggle out of his commitment to buy Twitter. Musk asserted that Twitter had long been contending with operational issues (it has had to deal with multiple security incidents over the last five years) and that it hadn’t properly protected user data.
Just as Musk was attempting to wash his hands of his takeover bid, Peiter “Mudge” Zatko, Twitter’s former head of security, flagged a number of concerns about the company to the SEC, the Department of Justice and the Federal Trade Commission last August in a whistleblower complaint. He claimed Twitter had “extreme, egregious deficiencies” when it came to protecting the platform against attacks.
Zatko accused Twitter of violating the agreement it made with the FTC in 2011 to settle a previous privacy case. Of note, Twitter last year agreed to pay $150 million to settle FTC charges that it violated said consent decree by misusing user phone numbers and email addresses for ad targeting.
Jack Dorsey was CEO of Twitter at the time of the incident that the SEC is said to be looking into. His successor, Parag Agrawal, was then chief technology officer. None of Twitter’s executives at the time have been accused of wrongdoing, according to Bloomberg. The outlet notes that it’s not clear when the SEC will wrap up its probe or if any enforcement action is expected as a result.
Meanwhile, the SEC has sued Musk for refusing to testify in a separate case. That one concerns Musk’s delay in disclosing his purchase of over five percent of Twitter stock in early 2022.
This article originally appeared on Engadget at https://www.engadget.com/the-sec-is-said-to-be-investigating-a-twitter-security-flaw-from-the-pre-musk-era-205459647.html?src=rss