The Twitter account of Jack Dorsey, Twitter’s chief executive officer, was hacked and briefly hijacked on Friday.
At 12.44pm Pacific time, the account @jack began publishing a series of tweets from the hackers. The rapid stream of tweets included racial slurs, profanity, praise for Adolf Hitler and a reference to “a bomb at Twitter HQ”. The hackers appear to refer to themselves as the “Chuckling Squad”.
The tweets also shared a link to a Discord server – a type of internet chat room – where users appeared to be boasting about the hack in the moments after the account was hijacked.
Twitter confirmed the hack and regained control of the account within 30 minutes, saying that it had found “no indication” that Twitter’s systems were compromised. A company spokeswoman also said that Twitter had “looked into” the bomb threats and could confirm that they were “not credible”.
On Friday evening, the company attributed fault for the hack to Dorsey’s mobile phone company.
“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” the company said. “This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”
Twitter’s description of the breach appears to confirm speculation that the hack was achieved by what’s known as a Sim swap attack. Mobile phones use subscriber identity modules, or Sim cards, to authenticate themselves with telecommunications networks. Sim swaps occur when a hacker manages to convince a mobile phone carrier – often through bribery or trickery of low-level employees – to switch a particular phone number to a different Sim card, giving the hacker control of the phone number.
While it does not appear to be the case in this attack, Sim swaps often work by enabling a hacker to change a target’s social media passwords. With control of the target’s phone number, a hacker can intercept text messages needed for two-factor authentication – an additional form of verification beyond a password to access an account, which usually comes via an SMS message or email. In written responses provided to the US Senate intelligence committee in September 2018, Twitter said that Dorsey uses two-factor authentication on his personal Twitter and email accounts.
The Guardian briefly gained access to the Discord server linked to by the hackers, where users sent messages encouraging each other to “be on the lookout” and “keep looking at twitter” shortly before the breach. The server became unavailable shortly after 1pm.
Dorsey, 42, was one of the founders of Twitter and sent the first ever tweet on 21 March 2006. He served as the company’s first CEO until October 2008, when he stepped down, and returned to the role in 2015. He has 4.2m followers.
Dorsey is not the first technology CEO to suffer the embarrassment of a personal hack, nor is this the first time his account has been compromised. In 2016, a hacking group known as OurMine Security took over the accounts of numerous celebrities and tech executives, including Dorsey, Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and the former Uber CEO Travis Kalanick.