Learning from the Successful SIM Swap Attack on Twitter's CEO
The Twitter account of Jack Dorsey, CEO of Twitter, was recently hacked by a rogue group of hackers calling itself 'Chuckle Squad'. The takeover was made possible by a successful SIM swap attack: hackers persuade a mobile phone provider to transfer a victim’s phone number to the hacker’s SIM card, giving the hacker access to the victim’s calls and messages.
Intrusions into your Twitter account might range from mild annoyance, to a serious PR fail, to an international political gaffe. Regardless of how you use it, there’s no need to make it easier for someone who wants to hijack your Twitter account. It’s quite easy to improve the security of your Twitter account and it only takes a few minutes. Here is how to secure your Twitter account and avoid losing control of it, as per Sunil Sharma, MD Sales, Sophos India & SAARC.
1. Enable two-factor authentication (2FA)
Having a strong, unique password is an important first step to securing your account, but passwords can be easily guessed or generated by an attacker, so by themselves they’re not enough to stop someone in their tracks.
Your best bet to keep someone out of your account is to also enable two-factor authentication, which means you’ll need a second factor – like a numerical code or physical key – to prove it’s you when you log in to your account. It’s extremely unlikely that someone trying to break into your account has both your password AND access to your unlocked phone, so enabling two-factor authentication significantly reduces the chance of an account break-in.
How to do it: To enable 2FA on your Twitter account, log in and click your profile icon, then go to Settings and privacy. Scroll down to Login verification, which is what Twitter calls two-factor authentication.
Twitter begins the setup with a text message (SMS) code, but once you have 2FA set up you have the option to stick with an SMS code, use a physical security key, or use a mobile authenticator app. Many people prefer to use SMS as it’s easiest, but this method has its own security flaws: the code is delivered to your phone number, which is exactly what a SIM swap attack takes over. We therefore recommend using an authenticator app on your phone, which generates codes on the device itself rather than receiving them over the mobile network.
For good measure, you may also wish to enable password reset verification, which will require you to confirm your email or phone number if someone (hopefully you) asks to reset your password.
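To make the SMS-versus-authenticator distinction concrete, here is an added example (not from the article or from Sophos) of what an authenticator app actually computes: a time-based one-time password (TOTP, RFC 6238) built on HMAC-based OTP (HOTP, RFC 4226). The only inputs are a secret shared with the service at enrolment and the current time, so a phone number plays no part and a SIM swap yields nothing. The Base32 secret below is the RFC 6238 test-vector key, used here so the outputs can be checked against the published values; the function names and the one-step verification window are this example's own choices.

```python
import base64
import hashlib
import hmac
import secrets
import struct

# RFC 6238 reference secret (ASCII "12345678901234567890"), Base32-encoded.
# Used only so the output can be checked against the RFC's published vectors.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def new_secret(nbytes: int = 20) -> str:
    """Generate a fresh Base32 secret of the kind a service shows as a QR code at enrolment."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros, e.g. "005924"


def totp(secret_b32: str, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter set to the current 30-second time step."""
    return hotp(secret_b32, int(at_time) // step, digits)


def verify_totp(secret_b32: str, candidate: str, at_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step or +/- `window` steps
    to tolerate clock drift between phone and server. Comparison is constant-time."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, at_time + drift * step, step)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


if __name__ == "__main__":
    # Demonstration with the RFC test secret: time 59 s falls in step 1.
    print("code at t=59:", totp(RFC_TEST_SECRET, 59))
    print("accepted now:", verify_totp(RFC_TEST_SECRET, totp(RFC_TEST_SECRET, 59), 59))
    # A fresh enrolment secret never leaves the device except at enrolment;
    # nothing is sent to a phone number, so there is nothing for a SIM swap to intercept.
    print("example enrolment secret:", new_secret())
```

The server stores the same secret and runs `verify_totp` on what the user types; the window makes the check tolerant of a slightly wrong clock without accepting codes from several minutes ago. By contrast, an SMS code is generated by the service and pushed to whatever SIM currently holds the number.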
2. Screen who can contact you
Twitter is great as a big, open platform where anyone can join in the conversation. But that openness can also be a bit of a pain, as harassers and crooks love the platform’s openness too. There’s a very simple way to make sure you aren’t bothered by lazy spammers who are just out to blast Twitter accounts with links to malware as quickly as possible: Screen who can contact you via direct message or by public reply.
You can opt to only allow people you have opted in to follow to send you a direct message (a private message that does not have a character limit, unlike standard tweets), and you can also opt to enable quality filters on regular tweets that you receive, so tweets by profiles of “low quality” will never reach you. This means that if someone with a phony account tries to send you a potentially phishy link – which can and does happen on Twitter, so always click with caution! – they’ll have to do a lot more work just to set up their account and get past basic quality filters, and most spammers won’t bother.
How to do it: To only allow people you follow to send you a direct message, go to Settings and select Privacy and safety from the left-hand menu, and then deselect Receive direct messages from anyone.
To enable the Twitter quality filters, go to your Settings and select Notifications from the left-hand menu. Under Advanced, select Quality filter.
On this page you can also opt to Mute notifications from people who have a default profile photo and haven’t confirmed their email address, which will filter Twitter accounts that haven’t finished their basic profile setup.
3. Check your connected apps
Do you remember which apps you’ve authorized to have full access to your Twitter account? It’s painlessly easy to sign up to a service using Twitter, but how long do you want that service to have that kind of access? It’s worth reviewing your connected apps to see what’s still lingering in there, and if you see something you don’t remember authorizing or haven’t used in a while, it’s time to revoke its permission to your account.
How to do it: In your Settings, select Apps and devices from the menu and take a look at the apps that are listed as connected to your account. Revoke access for any app that you no longer need or want.
4. The nuclear option: protect your tweets
While the idea behind Twitter is that the conversation is public and open to everyone, you can opt to protect your account, which makes your tweets visible only to people that you’ve opted to follow.
Twitter itself notes that if you have tweeted publicly and then later change your account to “protected,” it’s very possible those initially public tweets will continue to live on publicly in perpetuity - so protecting your account is not an “oops” button for erasing tweets you’ve regretted sending, but it is a good way to make sure you know exactly who’s reading your words. It’s the nuclear option for sure, but if you want control over who’s reading you, it’s the right option for you.
How to do it: In Settings, select Privacy and safety. Under Tweet privacy check Protect your Tweets. (You can always un-protect your tweets and make your tweets public if you ever change your mind!)