Hackers used scarily simple way to take over Twitter CEO Jack Dorsey’s account

Twitter CEO Jack Dorsey’s account fell victim to an old hacking method, bringing the technique back into the spotlight and raising fresh concerns about the social media platform’s security.

The hackers, who call themselves the Chuckling Squad, hijacked Dorsey’s account on Friday afternoon. They were able to tweet out offensive messages before Twitter took back control.

Twitter immediately launched an investigation into the security incident. There were a few theories on what exactly happened, though it appeared that the hackers posted the tweets from an app called Cloudhopper, which the social media platform bought in 2010.

The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.

— Twitter Comms (@TwitterComms) August 31, 2019

Cloudhopper allows users to post tweets by texting messages to a certain number. The service only requires a phone number to be linked to an account on the platform, and it looks like Dorsey had his linked.

The hackers were able to acquire Dorsey’s phone number through “a security oversight,” allowing them to send out tweets on his account through Cloudhopper. Regular users, meanwhile, need not worry that the security breach affected everyone on the service.

The method, called SIM swapping, involves convincing a carrier to assign a phone number to a new phone that is in the hands of the attackers. Chuckling Squad has been using the technique for years, with prominent attacks against online influencers, according to The Verge. It also appeared that the group had something going on with AT&T, which is also Dorsey’s carrier. However, it remains unclear how exactly they acquired the Twitter CEO’s phone number.

This is not the first time that Dorsey’s account has been compromised. Back in 2016, hackers associated with OurMine took over the account, claiming that they were testing the platform’s security, following takeovers of the Quora account of Google’s Sundar Pichai, and the Instagram, LinkedIn, Pinterest, and Twitter accounts of Facebook’s Mark Zuckerberg.

The new security incident involving Dorsey reveals that his Twitter account is set up like a regular user’s, with all the vulnerabilities that entails. It is unclear why the company did not provide additional safeguards on Dorsey’s account to protect against attacks such as SIM swapping, even after its CEO had already been targeted in the past.
