Twitter CEO Jack Dorsey was hacked Friday. Here's how to safeguard your Twitter account

The hack of Twitter CEO Jack Dorsey's account on Frid...

Posted: Sep 1, 2019 7:52 AM

The hack of Twitter CEO Jack Dorsey's account on Friday revealed a flaw in the social network's systems that could leave anyone vulnerable, from lawmakers to CEOs to the average Twitter user. And it raised a serious question as to how you can keep your account safe from the same thing.

Dorsey was likely a victim of SIM swapping, a practice in which a hacker will bribe or otherwise convince a mobile carrier employee to switch a phone number to the hacker's device.

"Somebody can just get somebody making $12 an hour and offer them a thousand dollars to do a SIM swap," Brian Krebs, a leading cybersecurity journalist, told CNN Business on Saturday.

Thanks to a feature left over from Twitter's early days, if a hacker gets control of the phone number associated with your Twitter account, they can text any tweets they want to Twitter's number, 40404, and they'll be immediately published to your account. The hacker wouldn't need any other verification — not even your account password.

Asked by CNN Business on Saturday, Twitter declined to comment on whether it would change its security practices following the Dorsey incident.

Until it does, there doesn't appear to be any real way to turn off the feature that the hacker or hackers apparently exploited to take over Dorsey's account. The only way to do it actually involves making your account less safe overall. But there are still some things you can do to protect your account from these kinds of attacks.

Verification codes

First off, it's a good idea to always have two-factor authentication on, as an additional verification step to confirm your identity beyond your regular password. But even two-factor won't protect you from a SIM swapping hack.

Not all verifications are made equal. A hacker can intercept security codes sent via text message, rendering it useless.

Luckily, Twitter offers several more secure verification methods.

One step better would be to use the Google Authenticator phone app, which will provide you codes. A hacker would then need your actual phone to get the codes. Or you can use a physical security token, a small piece of hardware you can buy separately that generates security codes. A hacker would typically need to physically steal that key to gain access to an account.

Replace your phone number

Right now it appears that the only way to shut off the ability to use text messages to send a tweet from your account is to delete your phone number from Twitter entirely. But there's a catch: Doing so will disable two-factor authentication on your account. I tried multiple times to keep two-factor enabled on my own Twitter account while deleting my phone number from it. Each time it appeared Twitter would allow me to do so, but when I refreshed the page, two-factor was off.

What you can do instead, if you're in the United States, is to try replacing your phone number with a number generated by Google Voice, as first suggested on Twitter by Krebs. A Google Voice phone number isn't managed by a mobile carrier and doesn't have anyone a hacker could talk into helping them obtain control of your number.

"You can't get somebody from Google Voice on the phone if you tried," Krebs told CNN Business.

It's not a perfect solution, Krebs said, as your Google account could also get hacked via SIM swapping if you're set to receive text messages for two factor authentication for that account. And anyone outside the United States will need to find an alternative service. But it would still be effective if you enable an alternative verification method on your Google account and follow other generally good security procedures like setting very strong, unique passwords for all the sites you use, and using a password manager to keep track of them.

Terre Haute
Clear
73° wxIcon
Hi: 87° Lo: 68°
Feels Like: 73°
Robinson
Clear
71° wxIcon
Hi: 84° Lo: 67°
Feels Like: 71°
Indianapolis
Broken Clouds
72° wxIcon
Hi: 86° Lo: 67°
Feels Like: 72°
Rockville
Clear
74° wxIcon
Hi: 85° Lo: 65°
Feels Like: 74°
Casey
Clear
71° wxIcon
Hi: 83° Lo: 68°
Feels Like: 71°
Brazil
Clear
73° wxIcon
Hi: 86° Lo: 67°
Feels Like: 73°
Marshall
Clear
73° wxIcon
Hi: 85° Lo: 67°
Feels Like: 73°
Partly cloudy, calm, and quiet.
WTHI Planner
WTHI Temps
WTHI Radar

Latest Video

Image

Police surround N 5th St Home

Image

Teachers are gearing up for a socially distanced classroom

Image

Thursday: Mix of clouds and sunshine. Average temperatures. High: 86

Image

Tia Tolbert

Image

Sullivan football

Image

New restaurant set to open in southern Vigo County

Image

Oblong pays off late water bills with COVID-19 relief funding

Image

Southwest Sullivan Parent

Image

Local artist creates a piece for the Indianapolis Motor Speedway

Image

Wednesday Early Forecast

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Confirmed Cases: 199893

Reported Deaths: 7881
CountyConfirmedDeaths
Cook1130444934
Lake12939449
DuPage12511522
Kane9948305
Will9486346
St. Clair4155162
Winnebago3806131
McHenry3279114
Madison277778
Kankakee180769
Rock Island178438
Peoria171736
Champaign170919
Kendall141223
Unassigned1395209
Sangamon132333
DeKalb95631
LaSalle82525
Boone77023
Jackson74020
McLean68615
Macon67823
Tazewell5818
Adams5806
Coles52021
Randolph4867
Williamson4547
Ogle4205
Clinton41917
Whiteside36717
Grundy3435
Stephenson3356
Monroe33213
Union33023
Knox3241
Jefferson30420
Morgan2866
Iroquois26912
Henry2621
Vermilion2492
Bureau2413
Cass23811
Macoupin2003
Franklin1981
Warren1940
Lee1861
Perry1853
Effingham1831
Montgomery1747
Woodford1703
Marion1690
Logan1661
McDonough14715
Christian1444
Saline1342
Jo Daviess1331
Livingston1303
Douglas1293
Jersey1222
Pulaski971
Moultrie930
Shelby901
Clark872
Mercer774
White720
Fayette713
Johnson700
Hancock681
Washington670
Greene660
Wayne662
Bond643
Carroll644
Piatt640
Jasper597
Menard580
Cumberland573
Mason570
Gallatin512
Lawrence510
Ford502
Massac420
Wabash420
Alexander370
Fulton370
De Witt340
Hamilton300
Crawford290
Edgar290
Marshall280
Clay270
Scott270
Pike260
Edwards240
Richland220
Schuyler190
Hardin180
Brown150
Henderson140
Putnam140
Calhoun110
Pope110
Stark70
Out of IL00

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Confirmed Cases: 76522

Reported Deaths: 3086
CountyConfirmedDeaths
Marion16194731
Lake7742281
Elkhart495586
Allen4040163
St. Joseph361083
Hamilton2887104
Vanderburgh205313
Hendricks1943108
Cass18069
Johnson1794119
Porter136239
Clark130750
Tippecanoe124511
Madison103066
LaPorte93530
Howard92065
Kosciusko87212
Floyd82249
Bartholomew82147
Marshall79423
Monroe76732
Delaware76052
Vigo71411
Dubois71312
Boone69746
Noble69029
Hancock68839
Jackson5975
Warrick58830
Shelby56828
LaGrange56610
Grant53130
Dearborn51628
Morgan48934
Clinton4504
Henry41820
Wayne38810
White37711
Montgomery36021
Lawrence35727
Harrison35224
Decatur34232
Putnam3218
Daviess27920
Miami2772
Scott27310
Jasper2572
Greene25434
Franklin24715
DeKalb2384
Gibson2334
Jennings22812
Steuben2153
Ripley2138
Carroll2003
Fayette1957
Perry18713
Posey1800
Starke1807
Orange17824
Wells1782
Fulton1732
Wabash1715
Jefferson1662
Knox1640
Whitley1566
Tipton14912
Washington1441
Sullivan1411
Spencer1393
Clay1315
Huntington1273
Randolph1274
Newton12110
Adams1172
Owen1051
Jay920
Rush894
Pulaski821
Fountain762
Brown752
Blackford662
Ohio656
Benton640
Pike620
Vermillion590
Parke551
Switzerland530
Martin500
Crawford450
Union410
Warren241
Unassigned0208