Jack Dorsey was “extremely disengaged” during his last months as Twitter’s CEO and provided little support on efforts to fix the company’s cascading cybersecurity flaws, a whistleblower complaint alleged Tuesday.
Peiter “Mudge” Zatko, the ethical hacker hired by Dorsey who turned Twitter whistleblower over the platform’s sweeping security flaws, said Dorsey “was experiencing a drastic loss of focus in 2021.”
“Dorsey attended meetings sporadically, and when he did, he was extremely disengaged,” a portion of Zatko’s whistleblower complaint alleged. “In some meetings — even after he was briefed on complex corporate issues — Dorsey did not speak a word.”
Dorsey’s inattention purportedly rang alarm bells among Twitter staffers aside from Zatko — some of whom suggested the Twitter co-founder could be battling medical issues. Dorsey abruptly stepped down as CEO last November.
“Worried about Dorsey’s health, the senior team mostly tried to cover up for him, but even mid- and lower-level staff could tell that the ship was rudderless,” the complaint said.
Zatko was more charitable in his description of Dorsey on a personal level, noting that they “got along well” and he “never suspected Dorsey of harboring bad intent.”
But the complaint alleged that Dorsey’s “absent behavior was anomalous and unhelpful in summoning the Herculean effort needed to fix Twitter’s problems.” The document added that he “provided little or no actual support” to Zatko as he sought to address “the risky behaviors of over 8,000 employees.”
“Other senior executives took advantage of Dorsey’s absence to stay in their separate silos, pursuing their separate interests without interference,” the complaint said. “Unsurprisingly, this dynamic had negative consequences.”
Zatko, who achieved fame in the hacker community as part of the 1990s-era group called “Cult of the Dead Cow,” filed the partially redacted complaint with the SEC in July. The Washington Post and CNN were first to obtain and report on the complaint.
Dorsey hired Zatko in 2020 as Twitter’s head of security with a mandate to fix the platform’s problems after the accounts of several prominent politicians were hacked. But Zatko claims he discovered the cybersecurity issues were far more extensive than previously known and constitute a national security risk to the US.
Zatko claimed he was forced out after bringing his concerns to upper management.
The Post has reached out to Dorsey and his current company, Block, for comment.
A Twitter spokesperson slammed the contents of Zatko’s complaint in a statement to several outlets.
“Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance,” the Twitter spokesperson said. “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.
“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” the spokesperson added. “Security and privacy have long been company-wide priorities at Twitter and will continue to be.”