In case you don’t know it already, Twitter Founder Jack Dorsey’s Twitter account was hacked last Friday after the phone number associated with his account was compromised “due to a security oversight by the mobile provider”.
In response to that, Twitter has announced that it has temporarily turned off the tweet-via-SMS functionality that is believed to have been exploited by the hackers to send a series of disturbing tweets from Dorsey’s account last Friday.
We’re temporarily turning off the ability to Tweet via SMS, or text message, to protect people’s accounts.
Ipad Min 2US $275.00 Harare
Rarely Used 2019 SE2719H Dell Monitor + Gaming Mechanical KeyboardUS $380.00 Harare
Apple Airpods proUS $35.00 Harare
Acer LaptopUS $145.00 Harare
— Twitter Support (@TwitterSupport) September 4, 2019
How hackers gain control
via the SMS service
To tweet via SMS , all you have to do is register your mobile phone number with your Twitter account. Then from your smartphone, you can send an SMS message to a special “short code” number. In response, Twitter will match the SMS message to your account, and automatically post it as a tweet.
The problem occurs if your mobile phone number falls into the wrong hands. Twitter has no idea of knowing that your phone number has been transferred to a hacker. The company’s Tweet via SMS feature simply assumes the original owner is control of the number with no safeguard to detect a potential hijacking.
Twitter went on to say that shutting this service is necessary to ensure that mobile network operators address the vulnerabilities at their end to prevent the steady stream of hacks faced by celebrities and public personalities in the US over the past few weeks. The company also said that it’s working on a better way to ensure two-factor authentication (2FA) for enhanced security.