Advertisement
Engadget
Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

Twitter temporarily disables tweeting via SMS after account hijacks

It's promising a long-term solution.

Twitter isn't taking any chances in the wake of hackers compromising the accounts of celebrities and its own CEO. The social site is "temporarily" disabling the option to tweet via SMS until there's greater security in place. Carriers need to address "vulnerabilities" in their systems, the company said, while Twitter itself planned to tackle its reliance on linked phone numbers for two-factor authentication. It'll reinstate SMS tweeting in regions that need it for "reliable communication," but it's working on a long-term solution.

The company hasn't provided a detailed explanation for what happened, but Jack Dorsey's account fell victim to a "security oversight" at his carrier that let people send tweets via text through his phone number. It's not clear if this is the result of SIM hijacking, a spoofing attempt or something similar.

Whatever the cause, it's a drastic step. SMS-based tweeting has been a core element of Twitter since the very beginning, and it's been available long since the majority of people switched to posting from apps and websites. Not that Twitter necessarily had much choice. Attackers are eager to exploit this lapse in security, and there's no quick fix -- this at least buys the company some time.