Twitter CEO Jack Dorsey was hacked Friday. Here's how to safeguard your Twitter account

Posted: Sep 1, 2019 7:52 AM

The hack of Twitter CEO Jack Dorsey's account on Friday revealed a flaw in the social network's systems that could leave anyone vulnerable, from lawmakers to CEOs to the average Twitter user. And it raised a serious question as to how you can keep your account safe from the same thing.

Dorsey was likely a victim of SIM swapping, a practice in which a hacker will bribe or otherwise convince a mobile carrier employee to switch a phone number to the hacker's device.

"Somebody can just get somebody making $12 an hour and offer them a thousand dollars to do a SIM swap," Brian Krebs, a leading cybersecurity journalist, told CNN Business on Saturday.

Thanks to a feature left over from Twitter's early days, if a hacker gets control of the phone number associated with your Twitter account, they can text any tweets they want to Twitter's number, 40404, and they'll be immediately published to your account. The hacker wouldn't need any other verification — not even your account password.

Asked by CNN Business on Saturday, Twitter declined to comment on whether it would change its security practices following the Dorsey incident.

Until it does, there doesn't appear to be any real way to turn off the feature that the hacker or hackers apparently exploited to take over Dorsey's account. The only way to do it actually involves making your account less safe overall. But there are still some things you can do to protect your account from these kinds of attacks.

Verification codes

First off, it's a good idea to always have two-factor authentication on, as an additional verification step to confirm your identity beyond your regular password. But even two-factor won't protect you from a SIM swapping hack.

Not all verification methods are created equal. A hacker can intercept security codes sent via text message, rendering them useless.

Luckily, Twitter offers several more secure verification methods.

One step better would be to use the Google Authenticator phone app, which will provide you with codes. A hacker would then need your actual phone to get the codes. Or you can use a physical security token, a small piece of hardware you can buy separately that generates security codes. A hacker would typically need to physically steal that key to gain access to an account.

Replace your phone number

Right now it appears that the only way to shut off the ability to use text messages to send a tweet from your account is to delete your phone number from Twitter entirely. But there's a catch: Doing so will disable two-factor authentication on your account. I tried multiple times to keep two-factor enabled on my own Twitter account while deleting my phone number from it. Each time it appeared Twitter would allow me to do so, but when I refreshed the page, two-factor was off.

What you can do instead, if you're in the United States, is to try replacing your phone number with a number generated by Google Voice, as first suggested on Twitter by Krebs. A Google Voice phone number isn't managed by a mobile carrier and doesn't have anyone a hacker could talk into helping them obtain control of your number.

"You can't get somebody from Google Voice on the phone if you tried," Krebs told CNN Business.

It's not a perfect solution, Krebs said, as your Google account could also get hacked via SIM swapping if you're set to receive text messages for two-factor authentication for that account. And anyone outside the United States will need to find an alternative service. But it would still be effective if you enable an alternative verification method on your Google account and follow other generally good security procedures like setting very strong, unique passwords for all the sites you use, and using a password manager to keep track of them.
