Twitter hackers appear to take over another high-profile account
The Chloë Grace Moretz and Jack Dorsey Twitter Hacks Look Pretty Similar
Twitter Disables Text-Messaging Feature as Hacks Continue
Twitter has “temporarily” turned off the ability to tweet via text message just days after the feature was misused by hackers to tweet a racial slur, bomb threat, and other crude messages from the account of Twitter CEO Jack Dorsey.
Also, hackers broke into the Twitter account of actress Chloë Grace Moretz on Wednesday, less than a week after CEO Jack Dorsey’s account was compromised. While it’s unclear whether the same people were responsible for both incidents, the two hacks bore striking similarities.
At around 11:30 a.m., a tweet went out from Moretz’s account containing a racist hashtag, along with the calling card “chucklingSquad.” The same hashtag and a link to a Chuckling Squad chat on Discord were sent from Dorsey’s account on Friday. Tweets that went out in both cases also referenced “Chungus,” a meme that depicts an “overweight giant earth destroying, god killing rabbit.”
Trevor Duke-Moretz, Chloë’s brother, confirmed that his sister’s account was hacked:
@ChloeGMoretz has been hacked- we are trying to resolve- excuse anything being posted
— Trevor Duke- Moretz (@TrevorDMoretz) September 4, 2019
The ability to tweet via text was important to Twitter in the service’s early days, but it’s more of a legacy feature at this point since most people rely on the smartphone app. The feature still exists, though, allowing you to text a number, such as 40404, and have that message posted to your account.
That can lead to real issues when someone’s phone number is stolen, a technique that hackers increasingly use to compromise accounts because phone carriers often don’t take care to properly secure phone numbers. That’s what happened last Friday to Dorsey. Once hackers had access to his number, they were able to use text messages to post under his username, even without otherwise being logged in to his account.
We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this).
— Twitter Support (@TwitterSupport) September 4, 2019
Twitter says it’s making the change “to protect people’s accounts.” It blamed mobile carriers, saying they need to address vulnerabilities that allow this kind of misuse. Twitter also said it needed to improve its two-factor authentication system, which relies on text messages as well and could be compromised in the same way.
It sounds like the text-to-tweet feature could be kept off for some time in most countries. Twitter says it’ll “soon” reactivate the feature “in markets that depend on SMS for reliable communication” and that it will work on a “longer-term strategy” for the feature, but it didn’t elaborate on what that would be.