Pierluigi Paganini August 31, 2019

Hackers compromised the Twitter account of Jack Dorsey, CEO at Twitter, and published and retweeted offensive and racist messages.

No one is secure online, news of the day is that hackers compromised the Twitter account of Jack Dorsey, CEO at Twitter and co-founder, and published and retweeted offensive and racist tweets.

The hack tool place yesterday, the company quickly removed any tweet and retweet made by the attackers. Just after the account was hacked, the Twitter’s CEO name ‘Jack‘ started trending on Twitter.

“Yes, Jack’s account was compromised,” said Brandon Borrman, Vice President Global Communications at Twitter. “We’re working on it and investigating what happened.” said a Twitter spokesperson.

A group referring to itself as the Chuckling Squad took credit for the hack of the profile that has more than four million followers.

“A chat channel on Discord, a separate website, was apparently set up by the group to discuss and joke about the attack – but was quickly shut down.” reported the BBC.

“The Chuckling Squad has taken credit for a number of attacks on high-profile Twitter accounts recently, including beauty vlogger James Charles and an account belonging to YouTube personality Desmond Amofah, known as @Etika, who died earlier this year in an apparent suicide.“

Twitter clarified that its systems were not compromised, instead, the company blamed an unnamed mobile operator.

“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” reads a statement from Twitter.

“This allowed an unauthorised person to compose and send tweets via text message from the phone number. That issue is now resolved.”

The offensive messages sent from the hacked account remained on the Dorsey’s profile page for around 30 minutes.

One tweet sent from the Jack Dorsey’s account also made a bomb threat, the hacker claiming they have placed a bomb at Twitter’s headquarters.

A Twitter user speculated that the tweets were sent due to the hack of CloudHopper, a company owned by Twitter that allows users to send out tweets using SMS messages.

If confirmed there are two possible scenarios for this hack:

• attackers hacked the CloudHopper infrastructure;
• Jack Dorsey was the victim of a SIM swapping attack, the hackers replaced his phone number with one under their control and used it to send SMS messages that authorized the racist tweets.

I believe that Jack Dorsey was the victim of a SIM swapping attack, hackers used this technique to take over Dorsey’s account associated with his phone number and operate on his behalf.

Authorities are currently investigating the incident.

Pierluigi Paganini

(SecurityAffairs – Jack Dorsey, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]