Twitter in Serious Need of Better 2FA as Twitterati Question Its Security

  • Jack Dorsey’s account compromised due to a security oversight by the mobile provider
  • SIM swapping, or SIM jacking, used by hackers to control the account

Jack Dorsey, the co-founder and CEO of Twitter, had his account briefly taken over by hackers on August 31st. Twitter confirmed this when it tweeted,

“We’re aware that Jack was compromised and investigating what happened.”

It further stated that the account has been secured with “no indication that Twitter’s systems have been compromised.”

As for how exactly it happened:

“The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number,” read the statement from Twitter Comms.

The profile, which has more than four million followers, tweeted a flurry of racist and highly offensive remarks during the 15 minutes the account remained hacked. The offensive messages included the n-word and anti-Semitic comments.

The Chuckling Squad, which has recently taken credit for a number of attacks on high-profile Twitter accounts, said it was behind this attack as well.

The hackers used a technique known as SIM swapping, or SIM jacking, to control Dorsey’s account.

In this technique, the existing phone number is transferred to a new SIM card.

“SIM swapping is, it’s when someone tricks or bribes someone at a mobile phone provider/store into transferring your cell service to a new SIM card/device they control. Allows interception of text messages, phone calls used for two-factor authentication,” explained Brian Krebs, author of ‘Spam Nation.’

By taking control of the number, the attackers were then able to post tweets to Dorsey’s Twitter account via text message.