What happened: Twitter is “temporarily” disabling the option to tweet via SMS. It said that mobile carriers need to address “vulnerabilities” in their system, and Twitter needs to rework its reliance on linked phone numbers for two-factor authentication. It’ll reactivate this feature for markets that depend on SMS for reliable communication “soon”, and will also work on a long-term strategy for the feature.
Why it matters: Twitter CEO Jack Dorsey’s account was hacked last week by a group that calls itself the Chuckle Squad. The hackers tweeted multiple racial slurs, anti-semitic messages, and at least one Holocaust denial from his account. The account was recovered soon enough, but the company blamed Dorsey’s mobile service provider, saying that “the account was compromised due to a security oversight by the mobile provider” and send tweets via SMS from the phone number.
The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.
— Twitter Comms (@TwitterComms) August 31, 2019
SIM hackers spreading on Twitter: The hack appeared to come from the same group that had targeted multiple YouTube celebrities on Twitter. At the time, the people affected had suggested that their accounts were breached following a SIM card swap conducted by mobile service provider AT&T.
Twitter did not do this when a cybersecurity company (controversially) proved it was possible with high profile accounts recently; Twitter only acted after @jack's account was targeted https://t.co/14M572W5LZ
— Joseph Cox (@josephfcox) September 4, 2019