Louis Theroux among Twitter hack targets to highlight security flaw
Security firm temporarily hijacks some accounts to expose a vulnerability in the way Twitter uses text messages to secure accounts.
Twitter accounts belonging to celebrities including Louis Theroux, Eamonn Holmes and Saira Khan were hacked on Thursday to expose a security flaw on the social network.
A message reading “This account has been temporarily hijacked by INSINIA SECURITY” appeared on several pages, in an effort to highlight an apparent vulnerability in the way Twitter uses text messages to secure accounts.
The security firm said the user had not lost access to their account and that none of their data was compromised during the exercise.
“We understood the way that Twitter handles incoming texts from your number,” researchers said in a blog post.
“If we can text from what appears to be your number then we can interact with, and fully control, your Twitter account.”
In tricking Twitter’s verification system, they were able to fully use the target’s account, the company claimed, meaning they could send tweets, direct messages, retweet and like tweets, as well as follow and unfollow people.
It warned that the easy hack could be used to ruin the reputations of people by covertly liking offensive or extremist material, and could risk the spread of fake news and disinformation.
“Twitter should completely remove this functionality as users rely on their phone added to account for two-factor authentication,” the company added.