The is reportedly looking into how (now X) handled a security issue in 2018 that led to users’ personal information being exposed. The bug allowed people to view email addresses when passwords were reset, potentially exposing user identities, according to . The report notes that the SEC has been investigating whether those in charge of the company at the time properly disclosed the flaws to shareholders and put proper controls in place.
Attention was drawn to the flaw last year while Elon Musk was trying to wriggle out of his commitment to buy Twitter. Musk asserted that Twitter had long been contending with operational issues (it has had to deal with multiple security incidents over the last five years) and that it hadn’t properly protected user data.
Just as Musk was attempting to wash his hands of his takeover bid, Peiter “Mudge” Zatko, flagged a number of concerns about the company to the SEC, the Department of Justice and the Federal Trade Commission last August in a whistleblower complaint. He claimed Twitter had “extreme, egregious deficiencies” when it came to protecting the platform against attacks.
Zatko accused Twitter of violating the agreement it made with the FTC in 2011 to settle a previous privacy case. Of note, Twitter last year to settle FTC charges that it violated said consent decree by misusing user phone numbers and email addresses for ad targeting.
Jack Dorsey was CEO of Twitter at the time of the incident that the SEC is said to be looking into. , was then chief technology officer. None of Twitter’s executives at the time have been accused of wrongdoing, according to Bloomberg. The outlet notes that it’s not clear when the SEC will wrap up its probe or if any enforcement action is expected as a result.
Meanwhile, the for refusing to testify in a separate case. That one concerns in disclosing of over five percent of Twitter stock in early 2022.