Security News

Using texts is insecure for doing 2FA, So if you want to keep it up you're going to have to pay. The bulletin says that "After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled."

Twitter has announced that starting with March 20, users who don't pay the Twitter Blue subscription will no longer be able to use the SMS-based two-factor authentication option. Twitter CEO Elon Musk further explained the rationale behind the move by claiming that "Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages."

Twitter has announced that it will no longer support SMS two-factor authentication unless you pay for a Twitter Blue subscription. In a blog post released this week, Twitter said that non-Twitter Blue users using SMS 2FA authentication have until March 20th, 2023, to switch to another 2FA method, or it will be disabled.

Twitter has announced that it's limiting the use of SMS-based two-factor authentication to its Blue subscribers. "While historically a popular form of 2FA, unfortunately we have seen phone-number based 2FA be used - and abused - by bad actors," the company said.

While the Twitter outage affected comparatively few Twitter users, it could hold a larger message about the dangers not just to operations but also security for organizations mulling big cuts in workforce. With just 1,300 active staff, Twitter now has 80% fewer workers than the roughly 8,000 the company had on its payroll before the October 2022 takeover by Elon Musk, by some reports.

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria: this time stealing donations by abusing legitimate platforms like PayPal and Twitter. BleepingComputer has identified multiple scams running on Twitter and abusing legitimate platforms like PayPal's fundraising pages to create convincing scam websites and collect proceeds from donors hoping to aid earthquake victims.

A top US cyber diplomat said his Twitter account was compromised over the weekend. Nate Fick, the inaugural US ambassador at large for Cyberspace and Digital Policy, on Saturday announced the hack of his personal account with - of course - a tweet.

Twitter on Wednesday said that its investigation found "No evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems," the company said in a statement.

Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems. "In response to recent media reports of Twitter users' data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems," the company said.

More than 200 million Twitter users' information is now available for anyone to download for free.This latest data dump, which includes account names, handles, creation dates, follower counts, and email addresses, turns out to the be same - albeit cleaned up - leak reported last month that affected more than 400 million Twitter accounts, according to Privacy Affairs' security researchers, who verified the database that's now posted on a breach forum.