Jack Dorsey’s Twitter account hacked

2019-08-31 at 10:27

The co-founder and chief executive of Twitter had his own account on the service briefly taken over by hackers.

A group referring to itself as the Chuckling Squad said it was behind the breach of Jack Dorsey’s account.

The profile, which has more than four million followers, tweeted out a flurry of highly offensive and racist remarks for about 15 minutes.

Twitter said its own systems were not compromised, instead blaming an unnamed mobile operator.

“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” Twitter said in a statement.

“This allowed an unauthorised person to compose and send tweets via text message from the phone number. That issue is now resolved.”

A source at the company confirmed to the BBC that the hackers had used a technique known as “simswapping” (or “simjacking”) in order to control Mr Dorsey’s account.

This is a technique whereby an existing phone number – in this case one associated with Mr Dorsey’s account – is transferred to a new SIM card, usually after attackers trick or bribe customer support staff at a mobile provider.

By taking control of the number, the attackers were able to post tweets via text message directly on to Mr Dorsey’s Twitter account.

While nowadays the overwhelming number of users use mobile apps to tweet, Twitter’s early days were built around texting in updates – hence the character limit – and Twitter has kept this method, in part because of its use in developing countries with high data costs.