+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A prominent activist had his Twitter account hacked using a method that takes only minutes

Jun 11, 2016, 02:10 IST

Advertisement
Jason Howie/Flickr

Black Lives Matter activist and Baltimore mayoral candidate Deray McKesson had his Twitter account hacked on Friday using a method that takes just minutes to carry out.

With a technique known as social engineering, a hacker was able to pose as McKesson in a phone call and over the web to gain full access to his account, completely negating the two-factor authentication on his cell phone.

"Today I learned that it is rather easy for someone to call the provider [and] change your SIM. The hacker got the account verification texts," McKesson tweeted.

Before McKesson regained access to his Twitter account, the hacker tweeted an endorsement of Donald Trump for president, and a tweet announcing that "I'm not actually black." Those tweets have been deleted.

In explaining what happened, McKesson said on Twitter that someone called Verizon customer service and impersonated him. The hacker was able to change the SIM of McKesson's phone to their own, thus redirecting all text message verifications to a phone under their own control.

Advertisement

With this, it was as simple as going through the "lost password" process online to get full access.

For example, Verizon Wireless' website asks for a customer's 10-digit phone number and billing zip code. With these two bits of information - which can often be culled from public sources - the user can then reset the account password through a text message.

The process is similar on Twitter. If a user has a lost password, they need to provide their Twitter handle and phone number. Though the process offers to reset the password via their email, users can request a text message instead.

A spokesperson for Verizon did not respond to repeated calls from Tech Insider.

Advertisement

NOW WATCH: Hackers showed us how easy it is to secretly clone a security badge

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article