Twitter lacked adequate cybersecurity protection ahead of July hacks, regulator says

Twitter lacked adequate cybersecurity protection ahead of July hacks, regulator says
© Getty

Twitter lacked adequate cybersecurity protection allowing for a 17-year-old to allegedly lead a mass hack of high-profile accounts in July using a “simple technique,” according to a report released Wednesday by a New York regulator. 

The New York State Department of Financial Services (DFS) is calling for social media companies to be designated “systemically important institutions,” like some banks were after the 2008 financial crisis, and subject to enhanced regulation. 

The report underscores the push for further protection by highlighting concerns that the cybersecurity vulnerabilities could lead to an election-related hacking attempt. 


“The Hackers focused on classic fraud. But such a hack, when perpetrated by well-resourced adversaries, could wreak far greater damage by manipulating public perception about markets, elections, and more,” the report states. 

The report describes the hijack of high-profile accounts, including former President Obama, reality star Kim Kardashian WestKimberly (Kim) Noel Kardashian WestLil Wayne gets 11th hour Trump pardon 2020's top political celebrity moments Trump pardons draw criticism for benefiting political allies MORE and Amazon CEO Jeff BezosJeffrey (Jeff) Preston BezosAmazon suspends Parler from web hosting service World's richest people added .8T to their combined wealth in 2020 Amazon delivered more than 1.5 billion items over holiday season MORE, as “jarringly easy for a teenager and his young associates” to execute. 

DFS said the hackers accessed Twitter’s systems by calling company employees and claiming to be from Twitter’s IT department. After duping four employees to give them their log-in credentials, the hackers hijacked the accounts of various politicians, celebrities and companies. 

The hackers tweeted “double your bitcoin” messages, with a link to send payments to bitcoins. They stole more $118,000 worth of bitcoins from consumers, according to DFS. 

A spokesperson for Twitter did not immediately respond to a request for comment.

Twitter has previously revealed that hackers had manipulated employees into providing them back-end access to internal systems. 


New York Gov. Andrew CuomoAndrew CuomoCuomo says New York can begin to loosen restrictions: 'Don't get cocky with COVID' Disjointed vaccine distribution poses early test for Biden Three National Guardsmen killed after military helicopter crash in New York MORE (D) had directed the investigation in July. The FBI also initiated an inquiry into the hacking.  

Florida prosecutors have alleged Graham Ivan Clark, a 17-year-old from Tampa, is behind the hack and he is being charged as an adult. Clark has pleaded not guilty.

Federal prosecutors have charged two others with related charges in a California federal court.