Hacking of CEO Jack Dorsey's account prompts Twitter to disable 'tweet via SMS' feature

SIM swap fraud is a very simple exploit involving phishing and social engineering.


Now that its CEO's account has been hacked, Twitter is taking steps to protect user accounts from similar attacks.

Twitter CEO Jack Dorsey's account was compromised last month when unknown hackers replicated a phone number associated with the account and started tweeting from it via SMS.

Via a tweet, Twitter has confirmed that the tweet-via-SMS functionality has been disabled and that the company is exploring options for delinking phone numbers from the two-step authentication needed for secure access to accounts. The company also blames mobile carriers for not taking steps to prevent such fraud from happening.


Twitter CEO Jack Dorsey. Image: Reuters

SIM swap fraud is a very simple exploit involving phishing and social engineering. A fraudster need only acquire enough personal information on a user to convince a mobile carrier that the victim's phone was stolen or the SIM lost. Carriers, after a minimum of verification, issue a new SIM with the victim's number.

Fraudsters can use this SIM to access a target user's OTP codes from banks and personal accounts, and in Dorsey's case, his Twitter account.
