SecurityWeek

Fraud & Identity Theft

Twitter Temporarily Disables Tweeting via SMS After CEO Hack

Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts.

“We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this),” Twitter said.

It added, “We’ll reactivate this in markets that depend on SMS for reliable communication soon while we work on our longer-term strategy for this feature.”

The decision comes after a hacker group called Chuckling Squad hijacked the account of Twitter CEO Jack Dorsey and posted offensive messages and even bomb threats. The unauthorized tweets were visible for roughly half an hour before being removed.

The hackers used a technique called SIM swap to pull off the attack. They used social engineering to convince an AT&T employee to transfer Dorsey’s phone number to their own SIM card. Once they gained control of Dorsey’s number, they used a Twitter-owned service named Cloudhopper to post tweets to the CEO’s account.

Cloudhopper allows users to tweet, follow or unfollow users, and make configuration changes by sending SMS messages from a phone number linked to their Twitter account to a specific number. In the attack against Dorsey, this allowed the hackers to post tweets without actually having to log in.

Other high-profile individuals, particularly social media influencers, have also been targeted by Chuckling Squad using SIM swapping.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
