[ad_1]
After hacking Twitter's CEO account, Jack Dorsey, on Friday night, and a 15-minute tweet of racist and pro-Nazi tweets before being deleted by Twitter, the question is how to protect Twitter from hacking?
How was Jack Dorsey's account hacked?
"The phone number associated with the account was compromised due to a security error from the mobile provider, which allowed the hacker to create and send tweets via SMS from the phone number ", said Twitter in a tweet.
Dorsey will likely be a fraudulent victim called SIM exchange, or what's known in the circles as a SIM card swap, or SIM card splitting, in which hackers manage to corrupt or persuade a mobile phone operator to transfer the phone number to the hacker's device.
After taking control of Dorsey's number, the hacker took advantage of an old feature of the "Tweet via SMS" platform, operated by Cloudhopper, owned by Twitter acquired in 2010 to improve SMS.
With Cloudhopper, Twitter users can post tweets by sending text messages to 40404, and the system only needs to link the phone number to the Twitter account, which most users already do for separate security reasons. Therefore, controlling the phone number is enough to post tweets to anyone's account. This is not what most users know.
Despite the short period during which he continued to access the account, the incident recalls the serious weaknesses of the platform, which has reached higher-level accounts, authentication, forcing Twitter users to make sure their accounts are as secure as possible.
Here's how to secure a Twitter account:
1- Activate the two-factor authentication feature:
It's always a good idea to enable 2FA 2-factor authentication, an extra verification step to confirm your identity in addition to your usual password. But even two-factor authentication will not work if hacking is via a SIM card.
Fortunately, Twitter offers several safer ways to confirm your identity:
One of the best solutions is to use the Google Authenticator phone application, which provides hard-to-reach identity verification codes for hackers as they reach your phone.
Or use a physical security key, a small piece of hardware that can be purchased separately to generate security codes. The hacker will have to steal this key to access your account.
2. Edit the phone number associated with your Twitter account:
The only way available is to disable the ability to use text messages to send tweets to your account from your phone number. However, this will disable the authentication feature of your account. Your phone number can be replaced with an anonymous virtual phone number to hide the real number. Etisalat does not handle this number and no one can help the intruder to control it.
If you are in the United States, you can replace your phone number with a number that you can create with the Google Voice service.
[ad_2]
Source link
