(Reuters) – Twitter Inc. suffered from cyber-security flaws that allowed a "simple" hack attributed to a Florida teenager to take over the accounts of several of the world's most famous people in July, according to a report released Wednesday.
The report from the New York Department of Financial Services also recommended that the largest social media companies be considered systemically important, like some banks after the financial crisis of 2008, with a dedicated regulator overseeing their ability to combat cyberattacks and disruption.
"The fact that Twitter was subjected to an unsophisticated attack shows that self-regulation is not the answer," said Linda Lacewell, Financial Controller.
Twitter did not immediately respond to a request for comment. It has acknowledged that some employees were tricked into sharing account information before the hack.
New York government Andrew Cuomo ordered a probe after the hacking of celebrity Twitter accounts on July 1
Those whose accounts were hacked included US presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates and Elon Musk; singer Kanye West and his wife, Kim Kardashian, the reality TV star.
Ms. Lacewell said hackers obtained login credentials after calling several employees, pretended to work in Twitter's IT department, and claimed they were responding to problems with the company's virtual private network, which had become commonplace because employees worked from home.
"The extraordinary access that hackers gained with this simple technology underscores Twitter's cyber security vulnerability and the potential for devastating consequences," the report said.
Twitter's lack of time for an information security manager also made the San Francisco-based company more The report said.
Prosecutors in Florida said Graham Ivan Clark was the mastermind behind the hack and accused the 17-year-old resident of Tampa of 30 crimes.
Mr. Clark has pleaded not guilty. Federal prosecutors accused two others of aiding the hack. Catalog