Cybersecurity researcher Karan Saini found a hack for accessing Twitter accounts. The problem was subsequently fixed, but the issue of unsafe verification remains on social media sites.
Twitter Phone Verification Dangers
The verification measures of social media are often used for hacking. The weak spot in question was exploited with the help of a mobile device (in this case an iPhone). The hackers could add the target account to the device’s operating system without logging directly into it.
From there, some of the account’s private information would have been available to the hacker. That includes data that can be used to bypass the site’s verification process. The crooks can also add new phones and emails that can then be used to change the password.
The hack was reported on the Squeal.net site.
Verifying hackers
The verification processes of today’s sites are a catch-22: you want the real users to be able to recover their password once it’s lost, but making recovery too difficult would prevent them from doing that. All social media sites require a phone number for the more complex “security” measures.
The password recovery methods and the interconnectivity with other platforms are the most dangerous points. OurMine managed to hack some of the biggest names in the IT industry simply by guessing their secret questions or hacking connected accounts.
We should probably start implementing alternatives to the usual password method of accessing accounts. The hacks of Yahoo and Ashley Madison, and countless other examples, prove that the whole approach is too faulty.
Encryption does help, but password hashing algorithms are constantly changing, and the sites almost always prefer to turn a blind eye to the security of their customers. This is the curse of the “free” internet: people prefer a cheap service to a good one.