Skip to main content

Hackers used scarily simple way to take over Twitter CEO Jack Dorsey’s account

Twitter CEO Jack Dorsey’s account fell victim to an old hacking method, bringing the technique back in the spotlight and raising fresh concerns about the social media platform’s security.

The hackers, who call themselves the Chuckling Squad, hijacked Dorsey’s account on Friday afternoon. They were able to tweet out offensive messages before Twitter took back control.

Twitter immediately launched an investigation into the security incident. There were a few theories on what exactly happened, though it appeared that the hackers posted the tweets from an app called Cloudhopper, which the social media platform bought in 2010.

The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.

— Twitter Comms (@TwitterComms) August 31, 2019

Cloudhopper allows users to post tweets by texting messages to a certain number. The service only requires a phone number to be linked to an account on the platform, and it looks like Dorsey had his linked.

The hackers were able to acquire Dorsey’s phone number through “a security oversight,” allowing them to send out tweets on his account through Cloudhopper. Regular users, meanwhile, should not worry that the security breach affected everyone on the service.

The method, called SIM swapping, convinces carriers to assign a phone number to a new phone that is in the hands of the attackers. Chuckling Squad has been using the technique for years, with prominent attacks against online influencers, according to The Verge. It also appeared that the group has something going on with AT&T, which is also Dorsey’s carrier. However, it remains unclear how exactly they acquired the Twitter CEO’s phone number.

This is not the first time that Dorsey’s account was compromised. Back in 2016, hackers associated with OurMine took over the account, claiming that they were testing the platform’s security, following takeovers on the Quora account of Google’s Sundar Pichai, and the Instagram, LinkedIn, Pinterest, and Twitter accounts of Facebook’s Mark Zuckerberg.

The new security incident involving Dorsey reveals that his Twitter account is set up like a regular user, with all the vulnerabilities that it entails. It is unclear why the company did not provide additional safeguards on Dorsey’s account to protect against attacks such as SIM swapping, even after their CEO was already targeted in the past.

Editors' Recommendations

Aaron Mamiit
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
Twitter reveals details about massive Bitcoin hack
Jack Dorsey, co-founder and former CEO of Twitter

Twitter has revealed what it knows so far about the major hack involving a bitcoin scam that targeted dozens of high-profile accounts on its service on Wednesday, July 15.

In a series of tweets posted on its Support account, the company said it believed the hack had been made possible by tricking one or more of its employees who had access to Twitter’s internal systems and tools.

Read more
Twitter CEO Jack Dorsey calls it a ‘tough day’ after major hack
best classic simpsons episodes disney plus jack dorsey twitter ceo

Twitter CEO Jack Dorsey said it had been a "tough day" for the team after numerous high-profile Twitter accounts were hacked in a Bitcoin scam on Wednesday, July 15.

“Tough day for us at Twitter,” Dorsey said in a tweet posted at 6.20 p.m. PT, just a few hours after the security breach took place, adding, “We all feel terrible this happened.”

Read more
Twitter CEO Jack Dorsey makes Juneteenth a company holiday
Jack Dorsey

Juneteenth, celebrated as the day when slavery in the U.S. ended, will now be officially commemorated in the U.S. -- at least at tech giants Twitter and Square.

Read more