Twitter's security fell short before hack targeting celebrities

By on
Twitter's security fell short before hack targeting celebrities

Should lose its ability to self-regulate, report recommends.

Twitter suffered from cyber security shortfalls that enabled a "simple" hack attributed to a Florida teenager to take over the accounts of several of the world's most famous people in July, according to a report released on Wednesday.

The report by New York's Department of Financial Services also recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyber attacks and election interference.

"That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer," said Linda Lacewell, the financial services superintendent.

Twitter did not immediately respond to a request for comment.

It has acknowledged that some employees were duped into sharing account credentials prior to the hack.

New York Governor Andrew Cuomo ordered a probe following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than US$118,000 in Bitcoin.

Those whose accounts were hacked included US presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates and Elon Musk; singer Kanye West, and his wife Kim Kardashian, the reality TV star.

Lacewell said hackers obtained log-in credentials after calling several employees, pretending to work in Twitter's information technology department, and claiming to be responding to problems with the company's VPN, which had become common because employees were working from home.

"The extraordinary access the hackers obtained with this simple technique underscores Twitter's cyber security vulnerability and the potential for devastating consequences," the report said.

Twitter's lack at the time of a chief information security officer also made the San Francisco-based company more vulnerable, the report said.

Florida prosecutors said Graham Ivan Clark was the mastermind behind the hack, and charged the 17-year-old Tampa resident as an adult with 30 felonies.

Clark has pleaded not guilty. Federal prosecutors charged two others with aiding the hack.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
cyber hack security twitter

Sponsored Whitepapers

3 steps to a well-rounded cybersecurity plan
3 steps to a well-rounded cybersecurity plan
Learn IT Service Management (ITSM) best practises
Learn IT Service Management (ITSM) best practises
A Migration Guide For Businesses Switching Mobile Device Management Solutions
A Migration Guide For Businesses Switching Mobile Device Management Solutions
Plan your post-COVID security strategy
Plan your post-COVID security strategy
The Executive's Guide To The Future Of Work
The Executive's Guide To The Future Of Work

Events

Most Read Articles

Services Australia trials OCR on Centrelink claims

Services Australia trials OCR on Centrelink claims
Aussie Broadband lists on the ASX one week early

Aussie Broadband lists on the ASX one week early
Telstra hands digital credentials to 4.5m consumer customers

Telstra hands digital credentials to 4.5m consumer customers
Spotless hit by ransomware attack

Spotless hit by ransomware attack
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?