Twitter hackers posed as IT workers to trick employees, NY probe finds

A simple phone scam was the key first step in the Twitter hack that took over dozens of high-profile accounts this summer, New York regulators say.

The hackers responsible for the July 15 attack called Twitter employees posing as company IT workers and tricked them into giving up their login credentials for the social network’s internal tools, the state’s Department of Financial Services said Wednesday.

The findings were part of the agency’s report on its investigation into the hack, which offered one of the most detailed public accounts yet of the scam that broke into the Twitter accounts of celebrities and politicians such as Joe Biden, Elon Musk and Kanye West.

“Given that Twitter is a publicly traded, $37 billion technology company, it was surprising how easily the hackers were able to penetrate Twitter’s network and gain access to internal tools allowing them to take over any Twitter user’s account,” regulators wrote in the report.

“Indeed, the hackers used basic techniques more akin to those of a traditional scam artist: phone calls where they pretended to be from Twitter’s Information Technology department,” they added.

The agency found no evidence that Twitter’s employees knowingly helped the hackers, and some of them reported the suspicious calls to the company’s fraud monitoring team, according to the report.

But state regulators faulted Twitter for lacking basic cybersecurity protections at the time of the attack, such as a chief information security officer and “adequate access controls and identity management” — measures that are required under New York’s cybersecurity regulation.

The report also calls for new regulations that would designate big social media firms as “systemically important,” similar to existing rules for significant banks and other financial institutions.

“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” Financial Services Superintendent Linda Lacewell said in a statement. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.”

Twitter said it cooperated with the state’s review and with law-enforcement officials investigating the hack. Authorities have charged three people — including a Florida teenager — in connection with the incident.

The San Francisco-based company also announced efforts last month to tighten up access to its internal tools and better track down suspicious activity.

“Protecting people’s privacy and security is a top priority for Twitter, and it is not a responsibility we take lightly,” a Twitter spokesperson said in a statement. “… We have been continuously investing in improvements to our teams and our technology that enable people to use Twitter securely. This work is constant and always evolving.”
