Twitter lacked adequate cybersecurity protection ahead of July hacks, regulator says

Twitter lacked adequate cybersecurity protection ahead of July hacks, regulator says
© Getty

Twitter lacked adequate cybersecurity protection allowing for a 17-year-old to allegedly lead a mass hack of high-profile accounts in July using a “simple technique,” according to a report released Wednesday by a New York regulator. 

The New York State Department of Financial Services (DFS) is calling for social media companies to be designated “systemically important institutions,” like some banks were after the 2008 financial crisis, and subject to enhanced regulation. 

The report underscores the push for further protection by highlighting concerns that the cybersecurity vulnerabilities could lead to an election-related hacking attempt. 

ADVERTISEMENT

“The Hackers focused on classic fraud. But such a hack, when perpetrated by well-resourced adversaries, could wreak far greater damage by manipulating public perception about markets, elections, and more,” the report states. 

The report describes the hijack of high-profile accounts, including former President Obama, reality star Kim Kardashian WestKimberly (Kim) Noel Kardashian WestInvestors sue Kim Kardashian, Floyd Mayweather over cryptocurrency promotion Victim's brother rips Colorado governor for reducing trucker's 110-year sentence 2021's top political celebrity moments MORE and Amazon CEO Jeff BezosJeffrey (Jeff) Preston BezosSerena Williams, Fauci among 'Portrait of a Nation' honorees Can our nation afford higher interest rates with the current national debt? Free speech, Whole Foods, and the endangered apolitical workplace MORE, as “jarringly easy for a teenager and his young associates” to execute. 

DFS said the hackers accessed Twitter’s systems by calling company employees and claiming to be from Twitter’s IT department. After duping four employees to give them their log-in credentials, the hackers hijacked the accounts of various politicians, celebrities and companies. 

The hackers tweeted “double your bitcoin” messages, with a link to send payments to bitcoins. They stole more $118,000 worth of bitcoins from consumers, according to DFS. 

A spokesperson for Twitter did not immediately respond to a request for comment.

Twitter has previously revealed that hackers had manipulated employees into providing them back-end access to internal systems. 

New York Gov. Andrew CuomoAndrew CuomoJudge strikes down New York's indoor mask mandate Hochul raises .6 million since launching gubernatorial campaign Former aide says she felt 'abandoned' by Democrats who advanced Garcetti nomination as ambassador to India MORE (D) had directed the investigation in July. The FBI also initiated an inquiry into the hacking.  

Florida prosecutors have alleged Graham Ivan Clark, a 17-year-old from Tampa, is behind the hack and he is being charged as an adult. Clark has pleaded not guilty.

Federal prosecutors have charged two others with related charges in a California federal court.