Twitter lacked adequate cybersecurity protection ahead of July hacks, regulator says

Twitter lacked adequate cybersecurity protection ahead of July hacks, regulator says
© Getty

Twitter lacked adequate cybersecurity protection allowing for a 17-year-old to allegedly lead a mass hack of high-profile accounts in July using a “simple technique,” according to a report released Wednesday by a New York regulator. 

The New York State Department of Financial Services (DFS) is calling for social media companies to be designated “systemically important institutions,” like some banks were after the 2008 financial crisis, and subject to enhanced regulation. 

The report underscores the push for further protection by highlighting concerns that the cybersecurity vulnerabilities could lead to an election-related hacking attempt. 


“The Hackers focused on classic fraud. But such a hack, when perpetrated by well-resourced adversaries, could wreak far greater damage by manipulating public perception about markets, elections, and more,” the report states. 

The report describes the hijack of high-profile accounts, including former President Obama, reality star Kim Kardashian WestKimberly (Kim) Noel Kardashian WestKim Kardashian denies claims she bought 'looted' Roman statue Kim Kardashian West files for divorce from Kanye Biden finds a few Trump moves he'll keep MORE and Amazon CEO Jeff BezosJeffrey (Jeff) Preston BezosPhilanthropists and billionaires must walk the talk on climate change Jeff Bezos roasted for buying yacht so big it comes with smaller support yacht The Hill's Morning Report - Presented by Facebook - Cheney poised to be ousted; Biden to host big meeting MORE, as “jarringly easy for a teenager and his young associates” to execute. 

DFS said the hackers accessed Twitter’s systems by calling company employees and claiming to be from Twitter’s IT department. After duping four employees to give them their log-in credentials, the hackers hijacked the accounts of various politicians, celebrities and companies. 

The hackers tweeted “double your bitcoin” messages, with a link to send payments to bitcoins. They stole more $118,000 worth of bitcoins from consumers, according to DFS. 

A spokesperson for Twitter did not immediately respond to a request for comment.

Twitter has previously revealed that hackers had manipulated employees into providing them back-end access to internal systems. 


New York Gov. Andrew CuomoAndrew CuomoCNN's Lemon, Cuomo to host new podcast 'Hamilton,' 'Wicked' among Broadway shows reopening Sept. 14 The Hill's Morning Report - Presented by Facebook - Infrastructure, Cheney ouster on deck as Congress returns MORE (D) had directed the investigation in July. The FBI also initiated an inquiry into the hacking.  

Florida prosecutors have alleged Graham Ivan Clark, a 17-year-old from Tampa, is behind the hack and he is being charged as an adult. Clark has pleaded not guilty.

Federal prosecutors have charged two others with related charges in a California federal court.