ate on Friday, Twitter announced a new policy that will remove text message two-factor authentication (2FA) from any account that won’t pay for it.
In a blog post, Twitter said that it will only allow accounts that subscribe to its premium Twitter Blue feature to use text message-based 2FA. Twitter users that don’t switch to a different type of two-factor authentication will have the feature removed from their accounts by March 20.
That means that anyone who relies on Twitter sending a text message code to their phone to log in will have their 2FA switched off, allowing anyone to access their accounts with just a password. If you have an easily guessable Twitter password or use that same password on another site or service, you should take action sooner rather than later.
The U.S. Supreme Court has declined to block a lawsuit brought by WhatsApp challenging the alleged mass phone hacking by Israeli spyware maker NSO Group. Meta-owned WhatsApp first filed a suit against NSO Group in 2019 claiming the spyware maker exploited an audio-calling vulnerability in WhatsApp to stealthily deliver its Pegasus phone spyware onto users’ […]
Cybercriminals are actively exploiting a two-year-old VMware vulnerability as part of a ransomware campaign targeting thousands of organizations worldwide. Reports emerged over the weekend that VMware ESXi servers left vulnerable and unpatched against a remotely exploitable bug from 2021 were compromised and scrambled by a ransomware variant dubbed “ESXiArgs.” ESXi is VMware’s hypervisor, a technology that […]
Twitter’s direct messages have always been a security liability. The DMs you send to friends and internet strangers aren’t end-to-end encrypted, making your conversations potentially accessible if Twitter suffers a data breach, or to company staffers with the right permissions to access them. Both scenarios are arguably more likely in Elon Musk’s version of Twitter, where key security and […]
Leave a Reply