Home PC News U.S. regulator: Twitter’s lax security enabled ‘simple’ celebrity account hack by Florida...

U.S. regulator: Twitter’s lax security enabled ‘simple’ celebrity account hack by Florida teen

(Reuters) — Twitter suffered from cybersecurity shortfalls that enabled a “simple” hack attributed to a Florida teenager to take over the accounts of several of the world’s most famous people in July, according to a report released on Wednesday.

The report by New York’s Department of Financial Services recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyberattacks and election interference.

“That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” said Linda Lacewell, the financial services superintendent.

Twitter said it cooperated with the review and was increasing security for its teams and platform. The company has acknowledged that some employees were duped into sharing account credentials prior to the hack.

New York Governor Andrew Cuomo said the report demonstrated a “regulatory gap” and pledged the state would take the lead in introducing measures to protect users.

Cuomo had ordered a probe following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than $118,000 in Bitcoin.

Those whose accounts were hacked included U.S. presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates, and Elon Musk; and singer Kanye West and wife Kim Kardashian, the reality TV star.

Lacewell said hackers obtained login credentials after calling several employees and pretending to work in Twitter’s information technology department. Hackers claimed to be responding to problems with the company’s Virtual Private Network, a situation that had become common because employees were working from home.

“The extraordinary access the hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences,” the report said.

Twitter’s lack at the time of a chief information security officer also made the San Francisco-based company more vulnerable, the report said.

Florida prosecutors said Graham Ivan Clark was the mastermind behind the hack and charged the 17-year-old Tampa resident as an adult with 30 felonies.

Clark has pleaded not guilty. Federal prosecutors charged two others with aiding the hack.

(Reporting by Jonathan Stempel in New York, additional reporting by Katie Paul in Palo Alto. Editing by Andrea Ricci and Tom Brown.)


You can’t solo security

COVID-19 game security report: Learn the latest attack trends in gaming. Access here


Most Popular

Gig economy workers could receive equity under SEC proposal

(Reuters) — The U.S. securities regulator on Tuesday proposed a pilot program to allow tech companies like Uber and Lyft to pay gig workers...

Nvidia RTX 3060 Ti appears in Ashes of the Singularity benchmark database

What just happened? Another day, another RTX 3060 Ti leak. This time,...

Supercell invests $2.8 million in 2Up, a co-op mobile game studio

Supercell is investing $2.8 million in New Zealand game studio 2Up Games, which is working on a co-op mobile game. It’s one more example of...

Sphero spinout Company Six launches throwable, video-streaming wheeled drone for first responders

In May, Sphero, the decade-old Colorado-based company best known for its programmable robots, announced Company Six (CO6), a spinoff focused on commercializing intelligence robots...

Recent Comments