Security Experts:

Connect with us

Hi, what are you looking for?


Fraud & Identity Theft

Twitter Temporarily Disables Tweeting via SMS After CEO Hack

Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts.

Twitter announced on Wednesday that it has decided to temporarily disable the feature that allows users to post tweets via SMS, in an effort to protect accounts.

“We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this),” Twitter said.

It added, “We’ll reactivate this in markets that depend on SMS for reliable communication soon while we work on our longer-term strategy for this feature.”

The decision comes after a hacker group called Chuckling Squad hijacked the account of Twitter CEO Jack Dorsey and posted offensive messages and even bomb threats. The unauthorized tweets were visible for roughly half an hour before being removed.

The hackers used a technique called SIM swap to pull off the attack. They used social engineering to convince an AT&T employee to transfer Dorsey’s phone number to their own SIM card. Once they gained control of Dorsey’s number, they used a Twitter-owned service named Cloudhopper to post tweets to the CEO’s account.

Cloudhopper allows users to tweet, follow or unfollow users, and make configuration changes by sending SMS messages from a phone number linked to their Twitter account to a specific number. In the attack against Dorsey, this allowed the hackers to post tweets without actually having to log in.

Other high-profile individuals, particularly social media influencers, have also been targeted by Chuckling Squad using SIM swapping.

Related: Twitter CEO Hack Highlights Dangers of ‘SIM Swap’ Fraud

Related: Twitter Again Admits Sharing User Data Without Permission

Related: Scotland Yard Twitter and Emails Hacked

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...