Pages

Twitter’s 2FA Provider Might Have Been Spying on You

Two factor authentication has ended up becoming a really huge part of most social media companies because of the fact that this is the sort of thing that could potentially end up giving their users an added layer of security that they can end up relying on for the most part. Twitter is no different, and it like many other social media platforms outsources its 2FA provision to a third party, but certain revelations about their 2FA provider have caused quite the stir.

The company in question is a Swiss firm by the name of Mitto, and many big tech companies use it to send out text messages that include 2FA codes as well as promotional material and the like. With all of that having been said and now out of the way, it is important to note that Twitter has announced that it will no longer be working with the company after discovering allegations that their COO secretly let surveillance firms track Twitter users by giving them access to their mobile phones.

One thing to note here is that it is entirely possible that the COO, named Ilja Gorelik, was acting alone. That can be surmised by a press release by Mitto that claimed that no one knew that this is what Gorelik was up to. Regardless of that, the fact that someone at the very highest levels of the company was being so brazen with private user data is definitely not a good sign, and it suggests that there is a widespread culture of privacy violation that may very well be rife in the company.

Companies like Google, WhatsApp, Tencent and Alibaba all make use of Mitto for their text based communications, and these allegations will definitely make them want to second guess their decision in that regard. While Gorelik has been fired from the company, there is still a cloud hanging over it since quite a few users would be hesitant to keep using two factor authentication which could create an even bigger security crisis since it would reduce the overall level of security that they would need to stay safe online.

No comments: