Civil rights activist and former Baltimore mayoral candidate DeRay Mckesson said his Twitter account was hacked Friday morning after individuals impersonated him during a phone call to Verizon tech support and gained access to several of his accounts.
Mr. Mckesson, a 30-year-old Baltimore native who gained recognition for his activism during the 2014 unrest in Ferguson, Missouri, explained exactly how he was hacked later in the afternoon once he regained access to his Twitter account — but only after it was used to endorse Donald Trump’s presidential bid to his 379,000 followers.
At 10:31 a.m., an individual called Verizon posing as Mr. Mckesson and convinced a technician to change the unique SIM associated with the activist’s phone, allowing the hacker or hackers responsible to have his messages rerouted to a different device. The culprit then requested password reset codes for Mr. Mckesson’s Twitter and other internet accounts, and subsequently gained access by intercepting those codes when they were sent as text messages.
“I was super hacked,” Mckesson told Mic on Friday.
Mr. Mckesson was able to regain access within hours, but raised eyebrows in the interim after his compromised Twitter endorsed Mr. Trump’s presidential run.
“I endorse @realDonaldTrump for president. #MAGA” the hacked account tweeted along with a picture of Mr. Trump and a fist emoji.
“I’m not actually black,” the hacker or hackers then wrote.
Mr. Mckesson disavowed the phony Trump endorsement Friday afternoon and associated the hacks with “a long history of people trying to silence those committed to civil rights and justice work” in an interview with the Baltimore Sun.
“No, I do not endorse Trump as the next President. He cannot be the President of the United States. He is racist & a bigot, unfit to lead,” Mr. McKesson tweeted from his reclaimed account later Friday.
Amid a rash of similar compromises concerning high-profile Twitter users, Friday’s incident occurred in spite of Mr. Mckesson using security precautions that weren’t applied by celebrities who had their accounts hacked in recent days.
Mr. Mckesson said that his Twitter account had been protected by two-factor authentication – meaning attempts to access his account from an unrecognized device would have prompted Twitter to send a temporary, secondary security code to a trusted device, such as a cell phone; in Mr. Mckesson’s case, however, text messages sent to his phone were intercepted.
“Today I learned that it is rather easy for someone to call the provider & change your SIM. The hacker got the account verification texts,” he tweeted.
While not clear, the hackers may have been able to pose as Mr. Mckesson by citing personal information, such as his Social Security or phone number.
“Verizon takes the security and privacy of our customers very seriously. We are aware of Mr. Mckesson’s claims and Verizon security teams are investigating,” Verizon told TechCrunch.
Michael Coates, Twitter’s trust and information security officer, said in a blog post Friday that two-factor authentication “is the single best action you can take to increase your account security.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.