Twitter isn't taking any chances in the wake of hackers compromising the accounts of celebrities and its own CEO. The social site is "temporarily" disabling the option to tweet via SMS until there's greater security in place. Carriers need to address "vulnerabilities" in their systems, the company said, while Twitter itself planned to tackle its reliance on linked phone numbers for two-factor authentication. It'll reinstate SMS tweeting in regions that need it for "reliable communication," but it's working on a long-term solution.
The company hasn't provided a detailed explanation for what happened, but Jack Dorsey's account fell victim to a "security oversight" at his carrier that let people send tweets via text through his phone number. It's not clear if this is the result of SIM hijacking, a spoofing attempt or something similar.
Whatever the cause, it's a drastic step. SMS-based tweeting has been a core element of Twitter since the very beginning, and it's been available long since the majority of people switched to posting from apps and websites. Not that Twitter necessarily had much choice. Attackers are eager to exploit this lapse in security, and there's no quick fix -- this at least buys the company some time.
We're taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we're working on improving this).— Twitter Support (@TwitterSupport) September 4, 2019