Everything was going well on Twitter on Friday, until the account of its chief executive and co-founder, Jack Dorsey, started sending derogatory, racist and anti-Semitic tweets. That was well out of character, a sudden “heat wave in winter”: the tweets broke Twitter's rules, and coming from Jack himself, that was a red flag.
For 15 minutes the tweets kept pouring in, running against everything Twitter stands for. Something had clearly gone wrong. The next tweet from TwitterComms confirmed that:
“We are aware that @jack was compromised and investigating what happened.”
“Who compromised the account?” was a question the tech team needed more time to answer. How it was compromised came out quickly, though without detail. The tweets were sent via Cloudhopper, a service Twitter bought in 2010 to improve its SMS service.
So whoever hacked the account must have done so through a third-party app, not a Twitter password breach. The TwitterComms statement said:
“The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”
So it was SIM swapping. The hacker tricked the service provider into believing he was the owner of the SIM and needed the number moved to another SIM. For the next 15 minutes, the hacker sent tweets via text message, hitting Jack's more than 4 million followers with his rogue tweets.
In the early days of Twitter, texting was widely used for updates, which was the reason for the 140-character limit. Though the Twitter app has become popular, Twitter didn't rule out text messaging, for the sake of people tweeting from developing countries where data costs are high.
It is not clear who the service provider is, since Twitter didn't say. But judging by the previous activities of Chuckle Squad, a hacker group that has claimed responsibility for the compromise, AT&T seems to be the service provider.
Screenshots collected from Chuckle Squad's Discord server show that the group has been responsible for a series of other hacks involving celebrities on Twitter in the past week. Beauty vloggers James Charles and Shane Dawson, the late Desmond Amofah (a.k.a. @Etika) and comedian King Bach were all victims of last week's attacks. They all make the same claim: that their accounts were compromised through SIM swaps conducted by AT&T employees.
TwitterComms has since sent a message indicating that the situation is contained:
“The account is now secure, and there is no indication that Twitter’s systems have been compromised.”
But that doesn't quell the concern the breach has generated, given that it is not the first time something like this has happened. Mark Zuckerberg has had his account hacked, because he didn't use two-factor authentication.
And for a platform hosting celebrities, academics, world leaders and others, it has prompted great concern that people's accounts could be a fingertip away from being breached. Twitter is yet to say anything about what it's doing to address the concern.