• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
TechEngage®

TechEngage®

Technology news and opinions

  • Tech News
  • Reviews
  • How-to
  • Roundups
  • Science
    • Energy
    • Environment
    • Health
    • Space
  • Apps
  • More
    • Opinion
    • Noteworthy
    • Culture
    • Blockchain
      • Cryptocurrency
    • Events
    • Deals
    • Startups
      • Startup Submissions
  • Videos
TechEngage » News » Security

Twitter security flaw enables hackers access to UK accounts

Avatar Of Fazeel Ashraf Fazeel Ashraf December 30, 2018

UK twitter accounts hacked, twitter logo illustration
Design by abdugeek / TechEngage

Twitter has a massive security flaw that enabled vigilante hackers to access accounts based in the UK. Hackers from Insinia, a British security firm, exposed the flaw by gaining access to some verified celebrity accounts and posting messages.

Insinia was able to pose as celebrities and journalists, without having any knowledge about their passwords. They did this by “spoofing” the cell phone numbers of the users and posting the tweets via text. Most users do not know about this feature.

Twitter allows users who have a smartphone and a data plan to tweet via SMS. Users have to link their mobile phone number to their Twitter account and send the tweet as a text to a specific number.

Insinia confirmed that it sent the tweets and said they did it to expose the vulnerability.

It is unclear how the hackers managed to tweet via the mobile numbers exactly.

Twitter uses both shortcodes and long codes to send tweets via SMS. Shortcodes are just three to five digits, whereas long codes look like proper phone numbers.

Long codes and shortcodes can vary from country to country, and sometimes different carriers can have different shortcodes as well. As an example, USA uses a shortcode (40404), whereas the UK uses both shortcodes and a long code (+447624800379).

A spokesperson for Twitter claimed that the issue had been resolved. Insinia said that it had still managed to send out fake tweets, despite Twitter’s reassurances. The hackers were not able to access users’ Direct Messages or personal details, but they should not have been able to get access in the first place.

Insinia’s chief Mike Godfrey said as much. Godfrey claimed his company carried out the testing to prove how text messaging can be exploited to verify people’s identities. Godfrey added:

“We should not be using 50-year old technology. It is massively flawed by design. Even someone completely unskilled could carry [out] this attack within half an hour. This took us 10 minutes.”

The Insinia’s chief believes the security loophole might have been in existence for a few years at least. He also claimed that his company’s testing might have encouraged Twitter to take better countermeasures.

Gizmodo claimed that Twitter has admitted the SMS vulnerability existed since 2012. So essentially, Twitter had six years to clean up their mess, which they failed to do. It seems the bug is the same one or quite similar to the one that existed in 2012.

It seems only UK residents have been affected, at least for now. US citizens seem to be safe at the moment. A Twitter spokesperson said Twitter doesn’t “believe there is any significant risk to US-based account holders.”

Twitter has been under scrutiny for some time now. The social media network has suffered from numerous Bitcoin scams, and the company was called out for its role in the Russian hacks of the 2016 US presidential election.

It will be interesting to see how the company bounces back from these scandals.

Related Tags: Cybersecurity Data breach Privacy Security Security Breach Twitter User Data User privacy

Related Stories

  • Israeli Spyware, Pegasus, Used To Attack Journalists, Activists, Government Officials’ Phones

    Israeli spyware, Pegasus, used to attack journalists, activists, government officials’ phones

  • Google Pulls Down Several Apps From Play Store For Stealing Facebook Data

    Google pulls down several apps from Play Store for stealing Facebook data

  • Massive Data Leak Leaves Germany Bewildered

    Massive data leak leaves Germany bewildered

Avatar Of Fazeel Ashraf

Fazeel Ashraf

Former Author @TechEngage

IT graduate from the National University of Science and Technology with a passion for writing. When not reading or writing, I can be found listening to rock and metal or playing some classic jams on my electric guitar. I’m also a big fan of horror movies.

Reader Interactions

Share Your Thoughts Cancel reply

Please read our comment policy before submitting your comment. Your email address will not be used or publish anywhere. You will only receive comment notifications if you opt to subscribe below.

Primary Sidebar

Become a contributor

We are accepting contributor applications. All applications will be decided in 3 days after applying. To learn more click here.
TechEngage-Apple-News
TechEngage-Google-News
best headphones for home studio

Best headphones for Home Studio on Amazon 2023

Software and app to get you through your in your silico research

Software and apps to get you through your In silico research

Recent Stories

  • Top Slack Alternatives in 2023
  • Apple strengthens account security with hardware keys support
  • 10 Best Messenger Apps in 2023
  • Essential Netflix tips and tricks 2023
  • How to lock Netflix profiles in 2023

Footer

Discover

  • About us
  • Newsroom
  • Staff
  • Advertise
  • Send us a tip
  • Startup Submission Questionnaire
  • Brand Kit
  • Contact us

Legal pages

  • Reviews Guarantee
  • Community Guidelines
  • Corrections Policy and Practice
  • Cookies Policy
  • Our Ethics
  • Disclaimer
  • GDPR Compliance
  • Privacy Policy
  • Terms and Conditions

Must reads

  • Best AirPods alternatives on Amazon
  • Best PC monitors for gaming on Amazon
  • Best family board games
  • Best Graphics Cards (GPUs) for gaming
  • Best video doorbells without subscription
  • Best handheld video game consoles
  • Best all-season tires for snow
  • Best mobile Wi-Fi hotspots
  • Best treadmills on Amazon
  • Best AM radios for long-distance reception

Download our apps

TechEngage-app-google-play-store

Copyright © 2023 · All Rights Reserved · TechEngage® is a Project of TechAbout LLC.
TechEngage® is a registered trademark in United Kingdom under Trademark Number UK00003417167 and is ISSN protected under the ISSN 2690-3776 and OCLC Number 1139335774.

Go to mobile version