Twitter CEO Jack Dorsey’s account fell victim to an old hacking method, bringing the technique back into the spotlight and raising fresh concerns about the social media platform’s security.
The hackers, who call themselves the Chuckling Squad, hijacked Dorsey’s account on Friday afternoon. They were able to tweet out offensive messages before Twitter took back control.
Twitter immediately launched an investigation into the security incident. There were a few theories on what exactly happened, though it appeared that the hackers posted the tweets from an app called Cloudhopper, which the social media platform bought in 2010.
The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.
— Twitter Comms (@TwitterComms) August 31, 2019
Cloudhopper allows users to post tweets by texting messages to a certain number. The service only requires a phone number to be linked to an account on the platform, and it looks like Dorsey had his linked.
The hackers were able to acquire Dorsey’s phone number through “a security oversight,” allowing them to send out tweets on his account through Cloudhopper. Regular users, meanwhile, shouldn’t worry that the security breach affected everyone on the service.
The technique, called SIM swapping, convinces carriers to assign a phone number to a new phone that’s in the hands of the attackers. Chuckling Squad has been using the technique for years, with prominent attacks against online influencers, according to The Verge. It also appeared that the group has something going on with AT&T, which is also Dorsey’s carrier. However, it remains unclear how exactly they acquired the Twitter CEO’s phone number.
This isn’t the first time that Dorsey’s account was compromised. Back in 2016, hackers associated with OurMine took over the account, claiming that they were testing the platform’s security, following takeovers of the Quora account of Google’s Sundar Pichai, and the Instagram, LinkedIn, Pinterest, and Twitter accounts of Facebook’s Mark Zuckerberg.
The new security incident involving Dorsey shows that his Twitter account is set up like a regular user’s, with all of the vulnerabilities that it entails. It’s unclear why the company didn’t provide additional safeguards on Dorsey’s account to protect against attacks such as SIM swapping, even after their CEO was already targeted in the past.