Twitter hack shows need for cybersecurity regulations, govt. report says

The report argues Facebook and Twitter are "systemically important institutions" that need cybersecurity regulations to protect users — and everyone else.
By Jack Morse

In the eyes of government regulators, critical services and lax cybersecurity don't mix — especially when those services support the online accounts of former president Barack Obama, former vice president Joe Biden, and current president Donald Trump.

The embarrassing and costly Twitter hack this past July served as more than just a wake-up call for the scores of public figures who trusted the social media giant to keep their accounts safe. In a comprehensive report released Tuesday, New York State's Department of Financial Services argues that the hack proved that, left unregulated, "systemically important institutions" such as Twitter pose a "risk to society."

The report breaks down, in detail, both how Twitter was hacked and the security lapses which allowed a Florida teenager to (allegedly) mastermind the entire thing. Notably, it doesn't exactly paint Twitter's executive team in a favorable light.

"The problems started at the top: Twitter had not had a chief information security officer ("CISO") since December 2019, seven months before the Twitter Hack," reads the report. "A lack of strong leadership and senior-level engagement is a common source of cybersecurity weaknesses."

According to the report, Twitter's security "problems" were only exacerbated by the push to remote work necessitated by the coronavirus pandemic. Like many other newly remote workers, Twitter's employees experienced tech problems working from home. Hackers were able to capitalize on this, tricking at least one Twitter employee into believing the hacker was a member of Twitter's IT team.

The Twitter hack, notes the report, shows why antitrust regulation is only one part of the regulatory puzzle when it comes to social media companies. Without some form of basic cybersecurity standards, and the power to enforce them, we set ourselves up for more breaches, data leaks, and hacks of prominent figures. If the hackers are after more than just bitcoin, that could spell all kinds of disaster.

That argument becomes only more timely as social media continues to serve as a conduit for misinformation during the run-up to the 2020 U.S. presidential election.

And while Tuesday's report is specifically in response to the Twitter hack, it notably does not limit its recommendations to only Twitter. Instead, it uses the July hack to introduce the broader idea of cybersecurity regulations for larger social media players. Critically, this would include Facebook.

"We need a comprehensive cybersecurity regulation and an appropriate regulator for large social media companies," continues the report. "The stakes are too high to leave to the private sector alone."

We reached out to both Twitter and Facebook in an attempt to determine if either company would be open to some form of government cybersecurity regulations, and, if so, what those regulations would ideally look like.

While a Twitter spokesperson did respond, the spokesperson did not directly answer any of our questions.

"Protecting people's privacy and security is a top priority for Twitter, and it is not a responsibility we take lightly," wrote the company spokesperson. "As we shared on September 24, 2020, we will continue to prioritize and accelerate our efforts to increase the security of our platform and how our teams work. We have been continuously investing in improvements to our teams and our technology that enable people to use Twitter securely." 

We received no immediate response from Facebook.

It's worth mentioning that cybersecurity regulations for social media companies are not that far-fetched an idea. Some regulations — like New York's SHIELD (Stop Hacks and Improve Electronic Data Security) Act, enacted in 2019 — already exist. Many other industries, like the financial sector, are regulated and have clear rules for handling and securing customer data.


"[There] are no regulators that have the authority to uniformly regulate social media platforms that operate over the internet, and to address the cybersecurity concerns identified in this Report," notes the Department of Financial Services report. "That regulatory vacuum must be filled."

Indeed, mandating basic security standards seems like an idea whose time is overdue. It remains to be seen, however, whether Facebook will like being regulated because of the fallout from a Twitter hack. But then again, when it comes to unsecured messes, Facebook has its own long and storied history.

Jack Morse

Professionally paranoid. Covering privacy, security, and all things cryptocurrency and blockchain from San Francisco.

