The chief executive of a company which demonstrated a security flaw in Twitter by hijacking the accounts of Eamonn Holmes and Louis Theroux has denied breaking the law.
Mr Holmes and Mr Theroux were among celebrities and journalists who tweeted messages on Thursday stating their accounts had been "temporarily hijacked by Insinia Security".
Mike Godfrey, who runs Insinia Security, explained to Sky News that the accounts had been hijacked to demonstrate how Twitter allows anyone who knows your phone number to tweet from your account.
According to the company the bug allowing the hijack to happen has been known about for six years, but Insinia acted to raise awareness of it because Twitter seemed unwilling to address the issue.
Twitter has claimed it has since fixed the flaw, although Mr Godfrey disputed this when speaking to Sky News and claimed it was still working as of Friday night.
Insinia's stunt was also criticised by some members of the information security community for potentially breaching laws regarding hacking, and re-igniting a debate about the Computer Misuse Act 1990 (CMA).
Andrew Tierney, a security consultant at UK-based firm Pen Test Partners, said: "This new trend of ignoring the Computer Misuse Act is not cool."
Ken Munro, the founder of Pen Test Partners, agreed with Mr Tierney, stating: "It encourages some to break to law, thinking it's okay to do so, as others did publicly. Violating the Computer Misuse Act is not cool."
Asked if he was concerned about being in breach of the CMA, Mr Godfrey said: "I wouldn't say I'm concerned about it."
He added that he thought the law "wasn't fit for purpose" and explained how his company's work discovering a data breach at TalkTalk came about because the company purchased the stolen data from a criminal, in partnership with a media organisation for a news report.
"We haven't hacked anything," he explained, saying that there was simply no authentication processes for the company to have breached, and stressing: "There was no criminal intent, no criminal gain, no traversal, no pivoting, nothing at all."
Insinia stressed to Sky News that it did not access data, nor did the hijack put any of the Twitter users' data at risk of being accessed, but merely allowed them to send a message from their account.
A spokesperson for Twitter told Sky News: "We've resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing.
More from Science & Tech
"We'll continue to investigate any related reports to ensure our account security protocols are functioning as expected."
Cyber security businesses in the UK, including information assurance firm NCC Group, have also complained that the CMA is outdated and prevents them from conducting commercial threat intelligence analysis, unlike rivals in the US and Israel.
[contf] [contfnew]
Sky News
[contfnewc] [contfnewc]