Twitter has “temporarily” turned off the ability to tweet via text message just days after the feature was misused by hackers to tweet a racial slur, bomb threat, and other crude messages from the account of Twitter CEO Jack Dorsey.
The ability to tweet via text was important to Twitter in the service’s early days, but it’s more of a legacy feature at this point since most people rely on the smartphone app. The feature still exists, though, allowing you to text a number, such as 40404, and have that message posted to your account.
That can lead to real issues when someone’s phone number is stolen, which is a technique that hackers increasingly use to compromise accounts because phone carriers often don’t take care to properly secure them. That’s what happened last Friday to Dorsey. Once hackers had access to his number, they were able to use text messages to post under his username, even without otherwise being logged in to his account.
We’re taking this step because of vulnerabilities that need to be addressed by mobile carriers and our reliance on having a linked phone number for two-factor authentication (we’re working on improving this).
— Twitter Support (@TwitterSupport) September 4, 2019
Twitter says it’s making the change “to protect people’s accounts.” It blamed mobile carriers, saying they need to address vulnerabilities that allow this kind of misuse. Twitter also said it needed to improve its two-factor authentication system, which relies on text messages as well and could be compromised in the same way.
It sounds like the text to tweet feature could be kept off for some time in most countries. Twitter says it’ll “soon” reactivate the feature “in markets that depend on SMS for reliable communication” and that it will work on a “longer-term strategy” for the feature, but it didn’t elaborate on what that would be.