NEW YORK (Reuters) – Twitter suffered from a cybersecurity failure that led to a “minor” hack by a teen in Florida and to access accounts of several celebrates in July, according to a report released on Wednesday. “Twitter’s vulnerability to a botched attack shows that self-regulation is not an appropriate solution to security problems,” said Linda Lacewell, financial services supervisor.
Twitter said that they accepted the recommendations and the criticism against them, they added we worked to increase security for its teams and platform. Twitter acknowledged that some employees were tricked into sharing account credentials to the hacker.
New York Governor Andrew Cuomo said the report showed a “regulatory gap,” vowing that the state would take the lead to protect users. Cuomo also ordered an investigation following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than $118,000 in bitcoin.
The US presidential candidate Joe Biden, former President Barack Obama, billionaires Jeff Bezos, Bill Gates and Elon Musk, Singer Kanye West and his wife Kim Kardashian, were victims of this attack.
Lacewell reported that the hackers accessed the login credentials after contacting several employees, pretending to work in the IT department of Twitter, and claiming that they were trying to solve some of the company’s VPN problems, which became popular because the employees were working from home.
“The exceptional access that hackers gained with this simple technology prove Twitter’s cybersecurity weakness and the potential for severe consequences” the report said. The report added that Twitter’s lack of a chief information security officer at the time made the San Francisco-based company even more vulnerable.
Florida prosecutors also said Evan Clark was the mastermind behind the hack, and the 17-year-old, who lives in Tampa, Florida, was charged as an adult with 30 felony charges.
Clark has denied any connection to the hack. Federal prosecutors charged two others with aiding the hack.