Twitter parts ways with two-factor provider following claims of secret surveillance

A Mitto AG founder allegedly operated a secret surveillance operation.

boonchai wedmakawand via Getty Images

Twitter has informed US Senator Ron Wyden (D-OR) that it's transitioning away from using Mitto AG's services to deliver two-factor authentication codes to its users, according to Bloomberg. Swiss tech firm Mitto is an established provider of automated text messages that some big companies have been using to send out not just 2FA codes, but also sales promotions and appointment reminders. Bloomberg reported in December, however, that one of its co-founders operated a secret surveillance operation that helped governments locate users through their phones.

Company COO Ilja Gorelik allegedly sold surveillance technology firms access to Mitto's networks, allowing them to track people using their mobile devices. Those companies, in turn, contracted with government agencies. Mitto told Bloomberg back then that it had no knowledge or involvement in Gorelik's surveillance operation and that it's launching an internal probe to determine if its technology and business had been compromised. The Wyden aide Bloomberg talked to said Twitter cited media reports as a major factor for its decision.

Aside from Twitter, Mitto's clients include Google, WhatsApp, LinkedIn, Telegram, TikTok, Tencent and Alibaba. Mitto has reportedly been telling customers that Gorelik is no longer with the firm. Still, the publication says several other clients have cut ties with Mitto since the report came out, though it's unclear if Google and the other well-known tech companies and services that it counts as customers are also parting ways with it.