Political Commentator’s Accounts Hacked

Last updated on April 25th, 2023 at 05:23 pm

An AI generated image of a yellow and blue SIM card on the bottom of a fishing hook. The image has been edited to add the text "Hacked"
Image made by Dall-E 2 and edited in Canva.

The Twitter account of right-wing political commentator Matt Walsh appeared to be hacked on Tuesday evening.

While in the hands of apparent hackers, Walsh’s account made several offensive tweets about other right-wing figures, including Ben Shapiro and Andrew Tate.

While the tweets have since been deleted, many are still visible via the Internet Archive’s Way Back Machine.

One now-deleted tweet claimed “My Twitter isn’t hacked, This is Just the Real Me Coming Out” and included a photo of a phone with multiple two-factor authentication (2FA) codes sent via text message. 

As noted by independent journalist Steven Monacelli, the 2FA codes were not just for Walsh’s Twitter account, but for Microsoft and Google accounts as well, suggesting they were also compromised.

This makes it likely Walsh’s phone number was stolen in a SIM-swap attack, allowing hackers to request password resets and receive 2FA codes sent via text. 

Choose a different verification method.
This [SMS-based] two-factor authentication method is only available to Twitter Blue subscribers. Please select a different method.
If a non-Twitter Blue subscriber attempts to enable SMS-based 2FA, they are told to choose another form of 2FA. Screenshot from Twitter.

This attack highlights just how insecure SMS-based 2FA really is. In fact, Twitter recently stopped non-Twitter Blue subscribers from using SMS-based 2FA. The inferior form of 2FA is, however, still available to paying customers like Walsh.

So, if you’re still using SMS-based 2FA, consider switching to a free authenticator app or, for maximum security, a security key.

Update April 20th: Dell Cameron, a reporter at Wired, confirmed that Walsh’s accounts had been compromised via a SIM-swap attack. Cameron reports that a hacker known as Doomed was behind the attack.

Leave a Comment

Your email address will not be published. Required fields are marked *