Twitter (TWTR) is temporarily suspending the ability to tweet via text messages, days after CEO Jack Dorsey’s account was hacked due to an apparent vulnerability tied to this feature.
“We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers,” Twitter said in one of a series of tweets about the decision on Wednesday.
On Friday, Dorsey’s account tweeted a series of racist and otherwise offensive tweets for about 20 minutes. Twitter quickly acknowledged that someone had hacked the account.
We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this).
— Twitter Support (@TwitterSupport) September 4, 2019
The tweets appear to have been sent not by hacking Dorsey’s actual account, but by the hacker or hackers convincing Twitter’s systems that they had his phone and were texting the tweets to his account.
It’s likely the hacker or hackers wouldn’t even have needed Dorsey’s password, or ever been prompted for it.
“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” Twitter said in a statement Friday. “This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”
But earlier on Wednesday, actress Chloe Moretz appeared to experience a similar hack.
When asked if the latest hacks led to the move, a Twitter spokesperson said: “[It’s] safe to assume ongoing issues with this vulnerability caused us to take the action we did today.”
Twitter said Wednesday that it will reactivate the tweet via text option “in markets that depend on SMS for reliable communication soon while we work on our longer-term strategy for this feature.”