Hundreds of thousands, if not millions, of Twitter users were left speechless a few days ago after reading ultra-nationalist and racist messages posted on the timeline of Jack Dorsey, the company’s CEO. After the social network’s data protection team determined that it was a hacking attack, the company announced some measures to prevent similar incidents in the future.
In a statement, Twitter announced that it has removed a feature that allowed users to post tweets by sending text messages (SMS) when they did not have access to the app or website. This was the attack vector the hackers used to get into Dorsey’s account; even though some experts had already pointed out this weakness, the company took no action on it until its own CEO suffered the consequences. “The phone number linked to Dorsey’s account was compromised by an oversight of a mobile phone service provider,” the company’s report says.
“The function will be temporarily disabled. We have made this decision because of the security flaws in this role, which we will correct in conjunction with the companies providing mobile phone services,” the microblogging social network’s statement says.
According to data protection specialists, the company will need to reconsider its use of users’ phone numbers as a multi-factor authentication method, the only one used by the company so far. “The feature will be reactivated once the vulnerabilities are corrected,” concludes the company’s message. At the time of writing, the feature had been reactivated in some locations.
This incident has created public relations chaos for the microblogging social network. In fact, according to data protection experts from the International Institute of Cyber Security (IICS), it could have been prevented if the company had paid sufficient attention to the feedback it receives from its millions of users, security firms and independent security researchers.