Failures in Twitter’s Two-Factor Authentication System
2022-11-17 10:53

Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.

Users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.

The meltdown comes less than two weeks after Twitter laid off about half of its workers, roughly 3,700 people.

Engineers, operations specialists, IT staff, and security teams have been stretched thin attempting to adapt Twitter's offerings and build new features per new owner Elon Musk's agenda.

A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting "STOP" to the Twitter verification service results in the service turning off SMS two-factor authentication.

The vulnerability, which ISMG verified, allows a hacker to spoof the registered phone number to disable two-factor authentication.


News URL

https://www.schneier.com/blog/archives/2022/11/failures-in-twitters-two-factor-authentication-system.html