A group of hackers managed to hack into Twitter CEO and cofounder Jack Dorsey's account on his own platform. Dorsey started to post offensive and strange tweets on Friday, suggesting that his account has been compromised.
The account @jack shared racial slurs and shoutouts to various people. It also used the hashtag #ChucklingSquad and posted a link to Discord chat called "Chuckling Squad," hinting that the hacker group Chuckling Squad is behind the breach.
The group has taken credit for attacks on several high-profile Twitter accounts, including those of YouTubers James Charles, Shane Dawson, and Desmond Amofah, who died earlier this year.
How Hackers Took Over Dorsey's Twitter Account
It was suspected that the attackers gained access to Dorsey's account through a vulnerability in a third-party app. The tweets were posted via Cloudhopper, which Twitter acquired in 2010 for SMS text integration.
Investigations eventually revealed that an issue with Dorsey's cell carrier is to blame. In a statement, Twitter said the mobile phone number linked to the compromised account has something to do with the breach.
This suggests that the account was indeed compromised through Cloudhopper, which has long allowed users to tweet by texting "40404" from a phone number associated with their account.
The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved. — Twitter Comms (@TwitterComms) August 31, 2019
Twitter Systems Not Compromised
Twitter acknowledged that its CEO's account was compromised, but it is now secure. It also said there is no indication that the platform's systems have been compromised.
This is not the first time Dorsey's account was hacked. In 2016, security firm OurMine also hacked @jack, posting a message about "testing your security."