Someone just hacked Twitter CEO Jack Dorsey's Twitter account
What's the story
Another day, another hack! However, this time, it isn't a service that's been compromised but the owner of the service - Jack Dorsey. Yes, a few hours ago, someone managed to hack into the Twitter account of Twitter's co-founder and CEO and sent out several random messages and racial slurs. Here's all you need to know about the attack.
Attack
Dorsey's account hacked by 'Chuckle Squad'
Late last night (India time), a group calling itself 'Chuckle Squad' broke into the Twitter account of Dorsey. They soon started sending out several racial slurs and antisemitic messages, puzzling people who follow Dorsey on the service. One tweet from the group even said that there is intel of a bomb at the headquarters of Twitter.
Twitter Post
Here are some of the tweets
hey @jack how's Twitter's password security going? pic.twitter.com/QGoJ2OJkE4
— Rod Breslau (@Slasher) August 30, 2019
Restoration
After an hour and a half, the account was restored
As the account got compromised, Twitter's team got to the rescue. They started working to secure the account and kept deleting the racial posts flooding the account in the process; still, some posts were there for about 10 minutes. Then, after battling the hackers for about an hour and a half, they were able to find and plug the loophole that compromised Dorsey's account.
Hack
But, how the account was compromised?
Initially, Twitter didn't say much about the hack and only emphasized that "the account is now secure, and there is no indication that Twitter's systems have been compromised." However, after some time, the company explained the attack, noting that the group was able to send out tweets from Dorsey's account via text messages. They first hijacked his phone number and then sent out tweets.
Twitter Post
Here's the explanation from Twitter
The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.
— Twitter Comms (@TwitterComms) August 31, 2019
Information
Hackers' tweets came out via Cloudhopper
Notably, the tweets from the hackers came from Cloudhopper, the service the microblogging site had acquired back in 2010 for letting users send out tweets via text messages. The method has now become outdated but Dorsey has still been seen using it for sending tweets.
Previous hack
Dorsey's account has been compromised before too
Having said that, this isn't the first time Dorsey's account has been compromised. Back in 2016, a security firm by the name of OurMine broke into the account of several CEOs in the tech industry, including Dorsey's. They had sent out a video as well as a tweet saying "testing your security" in that hack.