The hackers who took over a number of high profile Twitter accounts, including those belonging to Barack Obama and Elon Musk, for several hours this summer gained entry into Twitter’s internal systems simply by posing as company IT officials making a support call, according to an investigative report Wednesday by New York regulators.
At the time of the July 15 attack, Twitter had no chief information security officer and suffered from poor internal security controls, the report concluded.
Officials behind the report called for additional cybersecurity regulation of major tech platforms.
“In other industries that are deemed critical infrastructure, such as telecommunications, utilities, and finance, we have established regulators and regulations to ensure that the public interest is protected,” said the report from New York’s Department of Financial Services. “With respect to cybersecurity, that is what is needed for large, systemically important social media companies.”
In a statement, Twitter said it has taken steps to enhance the security of its platform, cooperated with the Department’s investigation, and that multiple arrests have been carried out in the wake of the attack.
“Protecting people’s privacy and security is a top priority for Twitter, and it is not a responsibility we take lightly,” the statement said. “We have been continuously investing in improvements to our teams and our technology that enable people to use Twitter securely. This work is constant and always evolving.”
The high-profile hack saw several celebrity accounts taken over by a bitcoin scam that promised victims a 100% return on their investments. In addition to Obama and Musk, the hackers were able to take over accounts belonging to Joe Biden, Kim Kardashian West, Uber and Apple, among others. As one of the nation’s