Twitter in Serious Need for Better 2FA as Twitterati Questions its Security
- Jack Dosey’s account compromised due to a security oversight by the mobile provide
- Simswapping or simjacking used by hackers to control the account
Jack Dorsey, the co-founder and CEO of Twitter had his account taken over briefly by the hackers on August 31st. Twitter confirmed when it Tweeted,
“We're aware that Jack was compromised and investigating what happened.”
.@jack got hacked on his own app
— Kyle Kashuv (@KyleKashuv) August 30, 2019
It further stated that the account has been secured with “no indication that Twitter's systems have been compromised.”
As for how did it exactly happen?
“The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number,” read the statement from Twitter Comms.
Maybe Twitter will fix their 2fa now to default to something other than SMS.
— Strip Mall Status (@ledgerstatus) August 30, 2019
The profile — that has more than four million followers — tweeted a flurry of racist and highly offensive remarks during the 15 minutes the account remained hacked. The offensive messages used the n-word and anti-Semitic comments.
The Chuckling squad that has taken credit for a number of attacks on high-profile Twitter accounts recently said it was behind this attack as well.
The hackers used a technique known as Simswapping or simjacking to control Dorsey’s account.
In this technique, the existing phone number is transferred to a new Sim card.
“SIM swapping is, it's when someone tricks or bribes someone at a mobile phone provider/store into transferring your cell service to a new SIM card/device they control. Allows interception of text messages, phone calls used for two-factor authentication,” explained Brain Krebs, Author of ‘Spam Nation.'
For those asking what SIM swapping is, it's when someone tricks or bribes someone at a mobile phone provider/store into transferring your cell service to a new SIM card/device they control. Allows interception of text messages, phone calls used for two-factor authentication.
— briankrebs (@briankrebs) August 30, 2019
The attackers were then able to post tweets via text message on to Dorsey’s Twitter account by taking control of the number.
If @jack can be hacked, we're all doomed …
— James A. Gagliano (@JamesAGagliano) August 30, 2019
If Jack Dorsey, the CEO of Twitter can get hacked, we might as well all make our passwords public
— 𝐄𝐱𝐚𝐯𝐢𝐞𝐫 𝐏𝐨𝐩𝐞 (@exavierpope) August 30, 2019
— Justin Sun (@justinsuntron) August 31, 2019