This article from the BBC today https://www.bbc.co.uk/news/uk-england-norfolk-49513692 talks about how the CEO of twitter Jack Dorsey was a victim of a sim swap attack recently where someone “tricked” a phone provider into transferring the phone number associated with Jacks account onto a different SIM which they control.
“trick” is in quotes as it could just as easily been done by paying the phone company operator to turn a blind eye and no tricks were needed. The attacker then proceeded to tweet some offensive and embarrassing things.
The interesting thing isn’t that a sim swap happened (they seem to be at almost epidemic levels currently), but that twitter doesn’t have some sort of extra controls for high level accounts which could minimise the damage caused by an account take over.
Perhaps they could look at implementing some sort of account feature which signifies that you have a “corporate” or “professional” account and automatically blocks any tweets containing offensive or rude words, or restricts tweets to only come out during predefined business hours.
if the feature also had a mandatory 24-48 hour delay between turning it off/on it would serve as a simple buffer to prevent a drunken disgruntled employee with access to a corporate account logging in at 2am and posting something offensive
It would also have made it slightly harder for whoever took over Jacks account to cause as much offence.
Urban Security Research 