Wednesday 18 September 2019

Louis Theroux among Twitter hack targets to highlight security flaw

Security firm temporarily hijacks some accounts to expose a vulnerability in the way Twitter uses text messages to secure accounts.

Louis Theroux was among the celebrities whose accounts were targeted (Ian West/PA)
Louis Theroux was among the celebrities whose accounts were targeted (Ian West/PA)

By Jamie Harris, Press Association Science Technology Reporter

Twitter accounts belonging to celebrities including Louis Theroux, Eamonn Holmes and Saira Khan were hacked on Thursday to expose a security flaw on the social network.

A message reading “This account has been temporarily hijacked by INSINIA SECURITY” appeared on several pages, in an effort to highlight an apparent vulnerability in the way Twitter uses text messages to secure accounts.

ipanews_a84dda20-b4a7-4719-84c9-9fd4f7fc318d_embedded1669653
Twitter account of Louis Theroux hacked to expose vulnerability (PA)

The security firm said the user had not lost access to their account and that none of their data was compromised during the exercise.

“We understood the way that Twitter handles incoming texts from your number,” researchers said in a blog post.

“If we can text from what appears to be your number then we can interact with, and fully control, your Twitter account.”

In tricking Twitter’s verification system, they were able to fully use the target’s account, the company claimed, meaning they could send tweets, direct messages, retweet and like tweets, as well as follow and unfollow people.

It warned that the easy hack could be used to ruin the reputations of people by covertly liking offensive or extremist material, and could risk the spread of fake news and disinformation.

“Twitter should completely remove this functionality as users rely on their phone added to account for two-factor authentication,” the company added.

PA Media

Editors Choice

Also in Entertainment

Back to top