Report: New York DFS Reveals Twitter Cybersecurity Issues

On October 14, the New York Department of Financial Services (NYDFS) released a report on the Twitter hack that occurred in mid-July and cost users over $118,000 worth of BTC. According to the report, the breach in Twitter has brought forward many security weaknesses that could be highly consequential for the platform in its influence on the expanding cryptocurrency market.

Researchers claimed that the hackers were able to penetrate the platform by making phone calls to account holders and pretending that they were from Twitter’s support team. The way that the perpetrators obtained access to the accounts is said to not only underscore the vulnerability of the social media but also call for potential changes in how global platforms are being protected.

“The Twitter Hack demonstrates the need for strong cybersecurity to curb the potential weaponization of major social media companies,” the report said. “But our public institutions have not caught up to the new challenges posed by social media. While policymakers focus on antitrust and content moderation problems with large social media companies, their cybersecurity is also critical.”

As stated in the report, in one of the final phases of the attack, the hackers even tried to target NYDFS-regulated crypto companies, who managed to respond quickly and blocked the impacted addresses. Coinbase, Gemini, and Square supposedly discarded the Bitcoin addresses posted by the criminals within 40 minutes of the start of the initial attack. Researchers claimed that Coinbase prevented nearly 5,670 transfers, worth around $1.3 million, and Square – 358 transfers valued at roughly $51,000.

In order to prevent similar events in the future, the NYFDS made several suggestions on how crypto firms can improve their security. These include using a strong and unique password, regularly monitoring accounts for unauthorized posts, and avoiding SMS-based communication due to its susceptibility to hacks. Experts also advised limiting employee’s access as an additional security measure.

“While Twitter did have some access controls in place, they were not enough to prevent the Twitter Hack. Twitter did limit access to the internal tools, but over 1,000 Twitter employees still had access to them for job functions and duties such as Twitter user account maintenance and support, content review, and responses to reports of Twitter Rules violations. Immediately after the Twitter Hack, however, Twitter further limited the number of employees with access to the internal tools, even though it caused a slowdown of some job functions.”