Technology

Twitter lacked adequate cybersecurity protection ahead of July hacks, regulator says

by Rebecca Klar

Twitter lacked adequate cybersecurity protection allowing for a 17-year-old to allegedly lead a mass hack of high-profile accounts in July using a “simple technique,” according to a report released Wednesday by a New York regulator. 

The New York State Department of Financial Services (DFS) is calling for social media companies to be designated “systemically important institutions,” like some banks were after the 2008 financial crisis, and subject to enhanced regulation. 

The report underscores the push for further protection by highlighting concerns that the cybersecurity vulnerabilities could lead to an election-related hacking attempt. 

“The Hackers focused on classic fraud. But such a hack, when perpetrated by well-resourced adversaries, could wreak far greater damage by manipulating public perception about markets, elections, and more,” the report states. 

The report describes the hijack of high-profile accounts, including former President Obama, reality star Kim Kardashian West and Amazon CEO Jeff Bezos, as “jarringly easy for a teenager and his young associates” to execute. 

DFS said the hackers accessed Twitter’s systems by calling company employees and claiming to be from Twitter’s IT department. After duping four employees to give them their log-in credentials, the hackers hijacked the accounts of various politicians, celebrities and companies. 

The hackers tweeted “double your bitcoin” messages, with a link to send payments to bitcoins. They stole more $118,000 worth of bitcoins from consumers, according to DFS. 

A spokesperson for Twitter did not immediately respond to a request for comment.

Twitter has previously revealed that hackers had manipulated employees into providing them back-end access to internal systems. 

New York Gov. Andrew Cuomo (D) had directed the investigation in July. The FBI also initiated an inquiry into the hacking.  

Florida prosecutors have alleged Graham Ivan Clark, a 17-year-old from Tampa, is behind the hack and he is being charged as an adult. Clark has pleaded not guilty.

Federal prosecutors have charged two others with related charges in a California federal court.