 "Twitter's security fell short before hack targeting celebrities: Regulator")
Twitter Inc suffered from cybersecurity shortfalls that enabled a "simple" hack attributed to a Florida teenager to take over the accounts of several of the world's most famous people in July, according to a report released on Wednesday.
The report by New York's Department of Financial Services also recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyberattacks and election interference.
"That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer," said Linda Lacewell, the financial services superintendent.
Twitter has acknowledged that some employees were duped into sharing account credentials prior to the hack.
New York Governor Andrew Cuomo ordered a probe following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than $118,000 in Bitcoin.
Those whose accounts were hacked included US presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates and Elon Musk; singer Kanye West, and his wife Kim Kardashian, the reality TV star.
Lacewell said hackers obtained log-in credentials after calling several employees, pretending to work in Twitter's information technology department, and claiming to be responding to problems with the company's Virtual Private Network, which had become common because employees were working from home.
"The extraordinary access the hackers obtained with this simple technique underscores Twitter's cybersecurity vulnerability and the potential for devastating consequences," the report said.
Twitter's lack at the time of a chief information security officer also made the San Francisco-based company more vulnerable, the report said.
Florida prosecutors said Graham Ivan Clark was the mastermind behind the hack, and charged the 17-year-old Tampa resident as an adult with 30 felonies.
Clark has pleaded not guilty. Federal prosecutors charged two others with aiding the hack.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%