Twitter CEO Jack Dorsey experienced a hacking incident last Friday, albeit briefly. The hackers, calling themselves the “Chuckle Squad,” used Dorsey’s account to post abusive and racist tweets.
One of the tweets even read, “Nazi Germany did nothing wrong.” Another tweet seemingly threatened that there was a bomb at the company’s HQ.
Most of the offensive tweets were up for about 10 minutes, but officials have since deleted them.
After about an hour and a half, the social media platform said that “the account is now secure.” They also added that there was no indication that the company’s privacy and system have suffered.
The company blamed the hack at Dorsey’s cellphone carrier. It said that the phone number that links to the account suffered oversight by the mobile provider. The main problem, according to them, was that the provider allowed hackers to send tweets using text messages.
The tweet appeared to have come from Cloudhopper. The social media platform acquired Cloudhopper previously to aid in its SMS capabilities.
For instance, a user can text 404-04 from a number that links to your account, the text will be up on Twitter.
The group appears to be the same group that hacked YouTube celebs last week. The personalities include James Charles, King Bach, and Shane Dawson.
During the time, the people suggested their accounts suffered hacks after a SIM card swap that AT&T employees performed.
Sim Swap Attacks Spur Twitter Cybersecurity Concerns
The company’s explanation for the hijack seemed to confirm rumors revolving around a hacking technique. Users call this technique the “sim swap attack.”
Mobile phone use sim cards to verify the user’s identity with telecommunications networks. A sim swap attack happens when a hacker convinces a mobile phone carrier to switch one phone number to another sim card. This gives the hacker control of the user’s phone number.
When the hacker takes control of the target’s phone number, the hacker can intercept messages for two-factor authentication. This is another way of verification beyond passwords.
In September 2018, Twitter reported to the US intelligence committee and said that Dorsey uses two-factor authentication on his social media and email accounts.
Meanwhile, the hackers also shared a link to a discord server. Hackers encouraged each other to “be on the lookout” before the breach.
The incident triggered fresh concerns over the chances of cybersecurity breach for social media users.
Canadian parliament member Michelle Remper said the fact that Dorsey took 30 minutes to get his account back was problematic. Remper implied that Twitter was no longer a viable social media platform now.
This isn’t the first time a CEO of a huge company suffered from hacks. Dorsey, for instance, suffered from another incident in 2016.
Security firm OurMine hacked his account and sent a message that said, “testing your security.”
OurMine also hijacked the accounts of several celebrities as well as tech execs. The list included Facebook’s Mark Zuckerberg, former Uber CEO Travis Kalanick, and Google’s Sundar Pichai.