Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

Twitter Temporarily Disables Tweeting via SMS After CEO Hack

Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts.

Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts.

“We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this),” Twitter said.

It added, “We’ll reactivate this in markets that depend on SMS for reliable communication soon while we work on our longer-term strategy for this feature.”

The decision comes after a hacker group called Chuckling Squad hijacked the account of Twitter CEO Jack Dorsey and posted offensive messages and even bomb threats. The unauthorized tweets were visible for roughly half an hour before being removed.

The hackers used a technique called SIM swap to pull off the attack. They used social engineering to convince an AT&T employee to transfer Dorsey’s phone number to their own SIM card. Once they gained control of Dorsey’s number, they used a Twitter-owned service named Cloudhopper to post tweets to the CEO’s account.

Cloudhopper allows users to tweet, follow or unfollow users, and make configuration changes by sending SMS messages from a phone number linked to their Twitter account to a specific number. In the attack against Dorsey, this allowed the hackers to post tweets without actually having to log in.

Other high-profile individuals, particularly social media influencers, have also been targeted by Chuckling Squad using SIM swapping.

Related: Twitter CEO Hack Highlights Dangers of ‘SIM Swap’ Fraud

Advertisement. Scroll to continue reading.

Related: Twitter Again Admits Sharing User Data Without Permission

Related: Scotland Yard Twitter and Emails Hacked

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.