Skip to main content

Twitter disables tweeting via SMS after CEO gets hacked

Twitter disables tweeting via SMS after CEO gets hacked

Share this story

Illustration by Alex Castro / The Verge

Twitter has “temporarily” turned off the ability to tweet via text message just days after the feature was misused by hackers to tweet a racial slur, bomb threat, and other crude messages from the account of Twitter CEO Jack Dorsey.

The ability to tweet via text was important to Twitter in the service’s early days, but it’s more of a legacy feature at this point since most people rely on the smartphone app. The feature still exists, though, allowing you to text a number, such as 40404, and have that message posted to your account.

That can lead to real issues when someone’s phone number is stolen, which is a technique that hackers increasingly use to compromise accounts because phone carriers often don’t take care to properly secure them. That’s what happened last Friday to Dorsey. Once hackers had access to his number, they were able to use text messages to post under his username, even without otherwise being logged in to his account.

Twitter says it’s making the change “to protect people’s accounts.” It blamed mobile carriers, saying they need to address vulnerabilities that allow this kind of misuse. Twitter also said it needed to improve its two-factor authentication system, which relies on text messages as well and could be compromised in the same way.

It sounds like the text to tweet feature could be kept off for some time in most countries. Twitter says it’ll “soon” reactivate the feature “in markets that depend on SMS for reliable communication” and that it will work on a “longer-term strategy” for the feature, but it didn’t elaborate on what that would be.

Update September 5th, 12:52PM ET: Twitter has already re-enabled tweeting via SMS in “a few locations” where it says users depend on it to tweet. “It remains turned off for the rest of the world.”