Now that its CEO's account has been hacked, Twitter is taking steps to protect user accounts from similar attacks.
Twitter CEO Jack Dorsey's account was compromised last month when unknown hackers replicated a phone number associated with the account and started tweeting from it via SMS.
Via a tweet, Twitter has confirmed that the tweet via SMS functionality has been disabled and that the company is exploring options for delinking phone numbers from two-step authentication needed for secure access to accounts. The company also blames mobile carriers for not taking steps to prevent such fraud from happening.
Twitter CEO Jack Dorsey. Image: Reuters
SIM swap fraud is a very simple exploit involving phishing and social engineering. A fraudster need only acquire enough personal information on a user to convince a mobile carrier that the victim's phone was stolen or the SIM lost. Carriers, after a minimum of verification, issue a new SIM with the victim's number.
Fraudsters can use this SIM to access a target user's OTP codes from banks and personal accounts, and in Dorsey's case, his Twitter account.
We’re temporarily turning off the ability to Tweet via SMS, or text message, to protect people’s accounts.
— Twitter Support (@TwitterSupport) September 4, 2019
from Firstpost Tech Latest News https://ift.tt/2NNH08m
No comments:
Post a Comment