A simple phone scam was the key first step in a Twitter hack that took control of dozens of high profile accounts this summer, according to New York regulators.
The hackers responsible for the July 15 attack called out Twitter employees posing as company IT workers and tricked them into giving up their login credentials for the social network’s internal tools, the social network said on Wednesday. state financial services department.
The findings were part of the agency’s report into its hacking investigation, which offered one of the most detailed public accounts to date on the scam that entered the Twitter accounts of celebrities and politicians such as Joe Biden. , Elon Musk and Kanye West.
REPRESENTATIVE. KEN BUCK DEMANDS DOJ INVESTIGATE REMOVAL OF BIG TECH PROTECTION AFTER NYPOST BIDEN ARTICLE CENSORED
“Considering that Twitter is a $ 37 billion publicly traded tech company, it was surprising how easily hackers were able to penetrate Twitter’s network and gain access to internal tools that allowed them to take control of n ‘any Twitter user account,’ the regulators wrote in the report.
“Indeed, the hackers used basic techniques more akin to those of a traditional con artist: phone calls where they claimed to be from Twitter’s IT department,” they added.
The agency found no evidence that Twitter employees knowingly aided the hackers, and some of them reported the suspicious calls to the company’s fraud monitoring team, according to the report.
But state regulators blamed Twitter for lacking basic cybersecurity protections at the time of the attack, such as an information security official and “access controls and management.” Identity Adequate ‘- measures required by New York cybersecurity regulations.
TWITTER TO PAY $ 100,000 FOR WASHINGTON STATE CAMPAIGN FUNDING VIOLATIONS
The report also calls for new regulations that would designate large social media companies as “systemically important,” similar to existing rules for large banks and other financial institutions.
“Social media platforms have quickly become the primary source of news and information, but no regulator has adequate oversight of their cybersecurity,” Financial Services Superintendent Linda Lacewell said in a statement. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the solution.”
GET FOX BUSINESS ON THE ROAD BY CLICKING HERE
Twitter said it was cooperating with the state’s review and with law enforcement officials investigating the hack. Authorities have charged three people – including a teenager from Florida – in connection with the incident.
The San Francisco-based company also announced efforts last month to increase access to its internal tools and better track down suspicious activity.
CLICK HERE TO READ MORE STORIES ABOUT FOX BUSINESS
“Protecting the privacy and security of people is a top priority for Twitter, and it’s not a responsibility we take lightly,” a Twitter spokesperson said in a statement. “… We continually invest in improving our people and our technology that allows people to use Twitter safely. This work is constant and constantly evolving. ”
This report first appeared in the New York Post.