In a report on the hack of Twitter by a "17-year-old" and his accomplices, the New York State Department of Financial Services ("NYDFS") recommended a new cybersecurity regulatory framework for the largest social media companies.

In the report, the NYDFS found that the hackers used unsophisticated methods to successfully access the Twitter accounts, due in large part to weaknesses in Twitter's cybersecurity protocols. The NYDFS found that Twitter's privacy policies were materially deficient. Specifically, the NYDFS found that Twitter did not have a chief information security officer at the time of the incident and failed to address the new security risks created by the pandemic and the massive shift to remote work. In addition, the NYDFS found that Twitter's response to the incident was deficient in that it, among other things, "did not publicly report any real-time updates" and made only a very limited "public acknowledgement" of the problems.

The NYDFS noted that various high-profile users, including former President Barack Obama and several cryptocurrency companies, were targeted as part of the attack. The NYDFS detailed how other regulated cryptocurrency companies responded swiftly to block consumer attempts to transfer money to the fraudulent addresses the hackers used in their "double your bitcoin" scam. According to the report, the swift and effective response of NYDFS-regulated cryptocurrency companies highlights how regulation can "foster innovation and growth, while also protecting consumers."

The NYDFS concluded that the Twitter hack "demonstrates the need for strong cybersecurity to curb the potential weaponization of major social media companies," particularly with regard to markets, elections and disinformation. As a result, NYDFS recommended expanded oversight for large social media companies through comprehensive cybersecurity regulation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.