Twitter rejects tweets via text message after CEO account hack

WASHINGTON: Twitter on Wednesday he stopped the ability of users to send tweets through text messages, as it seeks to correct a vulnerability that led to the CEO Jack dorsey The account is being hijacked.

Last week, Dorsey was the target of the so-called SIM swap fraud, which allows a hacker to trick a mobile operator into transferring a number, which could cause people to lose control not only of networks. social, but also bank accounts and other confidential information.

This type of attack points to a weakness in the use of two-factor authentication through text messages to validate access to an account, an intrusion method that has become popular in recent years.

"We're temporarily turning off the ability to Tweet via SMS, or text message, to protect people's accounts," the Twitter support team wrote on the platform.

We are taking this step due to the vulnerabilities that must be addressed by mobile phone operators and our dependence on having a linked telephone number for two-factor authentication.

The San Francisco-based service added that as you work on a long-term solution to the problem, tweets through text messages will finally be activated in markets where users rely on that technique.

Even with considerable security precautions in place, Dorsey became the victim of the embarrassing compromise when attackers hijacked his phone number and took control of his Twitter account.

Dorsey's account was restored after a brief period during which the attackers published a series of offensive tweets.

Some analysts say that hackers have found ways to easily obtain enough information to convince a telecom operator to transfer a number to a scammer's account, especially after hackers from large databases that result in personal data sold on the dark web call.

Text messages from mobile accounts can be hijacked by sophisticated hardware techniques, but also by the so-called 'social engineering', which convinces a mobile service provider to migrate their account to another unauthorized phone, said R David Edelman , former White House. Advisor who runs a cybersecurity research center at the Massachusetts Institute of Technology.

It only takes a few minutes of confusion to make mischief like the one Dorsey experienced.