Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Activist DeRay Mckesson's Twitter Account Was Hacked

Posted by msmash on from the security-woes dept.

Racial justice activist DeRay Mckesson became the most recent victim of a high-profile Twitter account hack. Mckesson this week started to endorse for Donald Trump and posted a self-defamatory tweet. Later he announced that his account was hacked. What's interesting about this hack was that Mckesson had two-factor authentication enabled on "all" of his accounts. Hackers apparently resorted to a much-sophisticated attack: Hacker or hackers were able to take over by convincing Verizon to reset his SIM. With the SIM reset, the person responsible was able to receive text messages intended for Mckesson and therefore bypass the two-factor authentication the activist used to keep his account secure.

3 of 86 comments (clear)

  1. Trump 2016 by Anonymous Coward · · Score: 1, Interesting

    Just sayin'

  2. "racial justice activist" WTF? by KiloByte · · Score: 4, Interesting

    So these days the word for "racism" is now "racial justice"?

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  3. Single-level Security Model flaw by redelm · · Score: 4, Interesting

    Users should be able to choose their own level of security to match their individual situations (consequences). With just one provider-imposed level, the same compromises between security and useability have to be selected and imposed on all users.

    For instance, a user could choose to set security very lax (pwd over phone) if they have little to protect and value convenience. Someone with something to worry about might set security very tight (long/rand pwds, resets only in meatspace with two forms of ID).