The recent spate of Twitter account hacks is embarrassing but not threatening to the company’s outlook, former COO Ali Rowghani told CNBC on Thursday.
“It’s more embarrassing than it indicates some sort of breakdown in their business,” Rowghani said on “Squawk on the Street.”
Twitter CEO Jack Dorsey’s account was hacked last week and other high-profile individuals also had their accounts compromised, including actress Chloe Moretz on Wednesday. The breaches appear to be linked, with references to the “Chuckling Squad.” In addition to the racial slurs and bomb threats posted on Dorsey’s account, the hackers put up screenshots of private messages on Moretz’s account. The tweets were later deleted.
In response, Twitter announced it was temporarily suspending a feature that allowed users to post tweets through SMS, or text messaging. Rowghani called the feature, which Twitter launched nearly a decade ago, a “hacking vector.”
Online accounts can be compromised if a hacker calls a victim’s wireless carrier and requests to have the phone number transferred to a new SIM card. Hackers then use that new SIM card in their phone to recover the password for the targeted account, gaining access to it.
That is what happened with Dorsey’s account, Twitter said in a statement, which attributed the incident to “a security oversight by the mobile provider.”
“It’s ironically not Twitter’s fault that Jack’s account got hacked,” said Rowghani, now the CEO of Y Combinator Continuity, a start-up incubator. He added he thinks the move to suspend the tweet-by-text capability should “cure” the recent hacking problem.
It’s unclear if Twitter will permanently disable the function. Rowghani, who left Twitter in 2014, said it’s a “legacy behavior” and not commonly used, except in parts of the developing world.
But Rowghani said the incidents do raise long-term questions about online security for companies like Twitter that rely on third-party services, which in the case of the hacks were mobile providers.
“I think companies can try to design their systems in such a way that they have as little reliance on external parties as possible, but it’s not always possible,” he said. “I think it’s always going to be a constant battle between hackers and security people. It’s never really going to go away.”