NYS DFS Publishes its Investigative Report of the Twitter Hack of July 2020
1 min read
Oct 16, 2020
The New York State Department of Financial Services issued a press release on Thursday announcing the publication of its investigative report of the July 2020 Twitter hack. The exhaustive report reviews the facts surrounding the hack, provides a visual timeline, and explores the cybersecurity weaknesses at Twitter that made the hack possible, including a lack of leadership, vulnerability to social engineering, and a failure to address the new vulnerabilities caused by the pandemic-driven shift to mass remote working.
A few key report findings we are highlighting: (1) the hackers accessed Twitter’s systems by calling employees and claiming to be from the IT department; (2) the hackers duped four employees into providing log in credentials which enabled them
At the time of the attack Twitter did not have a CISO, nor did it have adequate access controls and identify management, or adequate security monitoring. The Report identifies best practices that address the weaknesses the hack exposed and recommends, among other things, that large social media companies be designated as systemically important institutions and be subjected to prudential regulation to manage their heightened cybersecurity risk.
A copy of the release and report is available at the links below.
https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202010141