Twitter has revealed today that it has shut down Twitter via SMS because of security concerns, a service that has enabled users of the social network to tweet text messages since its inception.
“We want to keep your account secure,” the company’s support account tweeted earlier today.
“We’ve seen problems with SMS, so we’ve switched off our Twitter service via SMS, except for a few countries.” But, as the company added, Twitter users will still be able to use “significant SMS messages” to sign in to the website and manage their accounts.
Users using Twitter via SMS are recommended to turn to the social network web site or the Twitter mobile app “to enjoy the full Twitter experience.” For the time being, Twitter has also agreed not to kill SMS-based two-factor authentication (2FA) and password verification.
Twitter has temporarily disabled users’ ability to tweet via text messages between September 4 and September 5, 2019 to secure their accounts after Jack Dorsey’s Twitter account, the company’s CEO, has been hacked.
“We’ve turned this feature back to a few locations that rely on SMS to Tweet,” said Twitter. “It’s still switched off for the rest of the world.” As Twitter’s Communications Team tweeted, and Brandon Borrman, Vice President Global Communications at Twitter, said at the time, “the account-related phone number was compromised due to security oversight by the mobile provider” that allowed the attackers to write and send tweets via SMS using Dorsey’s phone number.
In February, Twitter discovered and resolved an problem that was deliberately exploited by attackers to link unique phone numbers to their corresponding Twitter accounts using a large network of fake accounts.
During October 2019, Twitter also disclosed that some of the phone numbers and email addresses provided for account protection, such as 2FA, could have been unintentionally used for ad targeting.
“No user data has ever been exchanged externally with our partners or any other third party,” Twitter said at the time. “As of September 17, we resolved the problem that caused this to happen and no longer use telephone numbers or e-mail addresses obtained for protection or security purposes for advertising purposes.”