Hacking of CEO Jack Dorsey's account prompts Twitter to disable 'tweet via SMS' feature

SIM swap fraud is a very simple exploit involving phishing and social engineering.


Now that its CEO's account has been hacked, Twitter is taking steps to protect user accounts from similar attacks.

Twitter CEO Jack Dorsey's account was compromised last month when unknown hackers replicated a phone number associated with the account and started tweeting from it via SMS.

Via a tweet, Twitter has confirmed that the tweet via SMS functionality has been disabled and that the company is exploring options for delinking phone numbers from two-step authentication needed for secure access to accounts. The company also blames mobile carriers for not taking steps to prevent such fraud from happening.

Twitter CEO Jack Dorsey. Image: Reuters

Twitter CEO Jack Dorsey. Image: Reuters

SIM swap fraud is a very simple exploit involving phishing and social engineering. A fraudster need only acquire enough personal information on a user to convince a mobile carrier that the victim's phone was stolen or the SIM lost. Carriers, after a minimum of verification, issue a new SIM with the victim's number.

Fraudsters can use this SIM to access a target user's OTP codes from banks and personal accounts, and in Dorsey's case, his Twitter account.

 


Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.