Twitter shut down SMS functionality after the company’s CEO was hacked
Hundreds of thousands, if not millions of Twitter users ran out of words a few days ago after reading some ultra-nationalist and racist messages posted on the timeline of Jack Dorsey, the company’s CEO. After the social network’s data protection team determined that it was a hacking attack, some measures were announced to prevent similar incidents in the future.
Through a statement, Twitter announced that a
social network feature has been removed; this feature allowed users to send
text messages (SMS) to post tweets in case of not having access to the app or
website. This was the attack vector used by hackers to enter Dorsey’s account;
even though some experts had already pointed out this weakness, the company had
not taken action on it until its own CEO suffered the consequences. “The
phone number linked to Dorsey’s account was compromised by an oversight of a
mobile phone service provider,” the company’s report says.
“The function will be temporarily
disabled. We have made this decision because of the security flaws in this
role, which we will correct in conjunction with the companies providing mobile
phone services,” the micro blogging social network statement says.
According to data protection specialists, the
company will need to reconsider employing users’ phone numbers as a multi-factor
authentication method, the only one used by the company so far.
“The feature will be reactivated once the vulnerabilities are
corrected”, concludes the company’s message. At the time of writing, the
feature had been reactivated in some locations.
This incident has created public relations
chaos for the micro blogging social media, in fact, according to data
protection experts from the International Institute of Cyber Security (IICS),
it could have been prevented if the company paid sufficient attention to the
feedback it receives from its millions of users, security firms and independent
security researchers.
Gloss