Twitter sparked criticism and calls for comprehensive regulation Wednesday from the New York State Department of Financial Services (DFS) over a July hack that hijacked dozens of high profile accounts.
An investigation into the incident requested by New York Gov. Andrew Cuomo shortly after the Twitter accounts were compromised culminated in DFS issuing their findings in a report.
Calling it “a cautionary tale about the extraordinary damage that can be caused even by unsophisticated cybercriminals,” the agency said the hack was largely successful due to lapse security at Twitter.
“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” said New York state Superintendent of Financial Services Linda A. Lacewell. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” she said in a statement.
Twitter accounts belonging to former President Barack Obama and billionaires including Bill Gates and Elon Musk were among the dozens hijacked during the hack and then used to solicit funds.
Prosecutors have since charged two adults and a teen in the scheme, which authorities believe resulted in the perpetrators being sent more than $100,000 worth of the digital cryptocurrency Bitcoin.
The report ordered by Mr. Cuomo, a Democrat, said hackers were successful largely because of “weaknesses in Twitter’s internal cybersecurity protocols” that allowed the accounts to be commandeered.
While the Twitter hack lasted hours, the report said that DFS-regulated cryptocurrency companies reacted within minutes to block over 6,000 attempted transfers worth approximately $1.5 million.
“These actions were made possible because the Cryptocurrency Companies had robust programs around cybersecurity, fraud-prevention and anti-money laundering programs–as required by DFS regulations,” reads part of the DFS report. “As the Department has shown, a balance can be struck between encouraging innovation and promulgating regulation to protect consumers.”
“Protecting people’s privacy and security is a top priority for Twitter, and it is not a responsibility we take lightly,” a Twitter spokesperson reacted when reached by The Washington Times. “We have been continuously investing in improvements to our teams and our technology that enable people to use Twitter securely. This work is constant and always evolving.”