The frighteningly simple technique that hijacked Jack Dorsey’s Twitter account

Friday afternoon, Jack Dorsey’s 4.2 million Twitter followers got an unpleasant surprise. A group of vandals had gained access to the account and used that access to blast out a stream of offensive messages and plugs for their group’s Discord channel. Within 15 minutes, the account was back under control and the group was banned from Discord, but the incident was a reminder of the serious vulnerabilities in even the highest-profile accounts, and just how insecure phone-based authentication has become.

The hackers got in through Twitter’s text-to-tweet service, operated by the acquired service Cloudhopper. Using Cloudhopper, Twitter users can post tweets by texting messages to a shortcode number, usually 40404. It’s a useful trick for S...

from The Verge - All Posts https://ift.tt/2PvYOaR
