Jack Dorsey is not having a great week. Over the past four days, his friend Elon Musk has dragged him into an increasingly messy legal battle over the botched acquisition of Twitter, a whistleblower has criticised decisions made during his tenure as CEO, and a lawsuit has accused his other company, Block, of failing to protect users’ private data.
On Monday, court documents revealed that the two-time Twitter CEO had been subpoenaed to testify in the upcoming trial between the social media company and Musk. Twitter has sued Musk for backing out of a $44bn deal to buy the company. The Tesla technoking has shot back, saying that whatever deal reached is null and void because Twitter lied about the number of fake accounts on the platform.
Dorsey is only the latest Silicon Valley superstar to be roped into the legal battle. Twitter has previously subpoenaed Musk-tied industry celebrities like the prominent venture capitalist Marc Andreessen and David Sacks, the founding COO of PayPal. The trial is scheduled to kick off on October 17.
Dorsey served as CEO of Twitter from 2006 until he was booted out in 2008. He was then rehired as CEO in 2015. Dorsey stepped down as CEO of Twitter in November 2021.
Dorsey had almost been ousted one year earlier when stakeholder Elliott Management had put his commitment to Twitter in doubt as he was also the CEO of Square, which was rebranded as Block last year. Former Twitter CTO Parag Agrawal took over as CEO after Dorsey left.
Whistleblower case stokes the fires
People were reminded of Elliot Management’s critique of Dorsey on Tuesday when an explosive expose by CNN and The Washington Post revealed that serious vulnerabilities could be exploited by Chinese and Russian hackers. The former head of security at Twitter, Peiter “Mudge” Zatko, was at the centre of the accusations.
The whistleblower claimed that a combination of weak cybersecurity controls and poor judgement had exposed Twitter to numerous foreign intelligence risks. Zatko accused Agrawal and other executives of knowingly putting user growth ahead of security. He said executives stood to win individual bonuses of as much as $10m if the number of daily users grew.
The former security boss left the company in January. He also stoked the fires around the legal battle with Musk by claiming that the company had done little to reduce the number of bots on the platform.
However, the veracity of these claims are in doubt among Twitter’s own employees.
“The feeling inside is that Mudge is a bitter shit trying to get revenge for the company outing him as the ineffective, sloppy employee he was,” one anonymous Twitter employee told WIRED.
Nevertheless, given that most of the things Zatko complained about happened during Dorsey’s latest tenure as CEO, it just adds to the former CEO’s bad week.
Dorsey owns 2.4% of Twitter, according to Bloomberg.
Block accused of being negligent in cybersecurity
The trifecta was completed on Tuesday when Block was sued over a cybersecurity incident the company’s Cash App in December 2021. The app allows users to buy and sell stocks.
The class action lawsuit accuses the company of having poor security practices, which were made evident when it was revealed that a former employee still had access to 8.2 million users’ data.
Block disclosed the cybersecurity incident in April 2022. It revealed that the ex-staffer had access to users’ full name and brokerage account number as well as brokerage portfolio value, holdings and stock trading activity.
Following the breach, Cash App users have reported multiple fraudulent transactions on the Cash App, Forbes reported. However, the suit does not provide evidence linking those thefts to the hack.
Block did not return Verdict’s requests for comments.
Cybersecurity experts note that the Block incident highlights how employees continuous to be one of the biggest risks for companies digital defences.
“Dangerously, insider threats remain the most damaging of all threats for companies and can have worrying consequences,” Jake Moore, global security advisor at cybersecurity firm ESET, tells Verdict.
“Giving the keys to the kingdom comes with great power but also offers a threat level that is often unquantifiable. Poor security practices are inconceivable in current times and especially within such a big company and this could also harm the company going forward in terms of reputation. Security procedures mitigating insider threats are indeed possible, but cutting corners to favour convenience over security is likely here which is so often the biggest mistake businesses make.”
GlobalData is the parent company of Verdict and its sister publications.