The frighteningly simple technique that hijacked Jack Dorsey’s Twitter account
Friday afternoon, Jack Dorsey’s 4.2 million Twitter followers got an unpleasant surprise. A group of vandals had gained access to the account, and used that access to blast out a stream of offensive messages and plugs for their group’s discord channel. Within 15 minutes, the account was back under control and the group was banned from Discord, but the incident was a reminder of the serious vulnerabilities in even the highest-profile accounts, and just how insecure phone-based authentication has become.
The hackers got in through Twitter’s text-to-tweet service, operated by the acquired service Cloudhopper. Using Cloudhopper, Twitter users can post tweets by texting messages to a shortcode number, usually 40404. It’s a useful trick for S...
from The Verge - All Posts https://ift.tt/2PvYOaR
Comments
Post a Comment