Late night local time, Twitter CEO and co-founder Jack Dorsey’s Twitter account was hacked. The hackers who call themselves Chuckle Squad began tweeting racial slurs, a Holocaust denial post and antisemitic messages. The tweets were up for a while before they began being deleted.
uh oh, @jack hacked pic.twitter.com/rVELLkVuJs
— Sarah Frier (@sarahfrier) August 30, 2019
Amazing that it has taken 20+ mins for anyone at Twitter to even notice that their CEO’s account has been hacked 🙄 https://t.co/JOWNQj1JJE
— Tom Warren (@tomwarren) August 30, 2019
https://twitter.com/chillmage/status/1167527729622855686
Twitter communication tweeted that they were aware that their CEOs account was compromised and that they had began investigations.
Important context, because it means a linked app was compromised, but they likely had no access to DMs, no copy of his password, and Twitter itself (including, presumably, 2-factor authentication) wasn’t the vulnerability. https://t.co/d6z52ITS8m
— anildash.com (@anildash) August 30, 2019
Four years ago Twitter’s CFO has his account breached. He wasn’t using 2FA. https://t.co/BAszeVjHJ5 I find it hard to think Twitter’s security team would let @jack make the same mistake. My hunch would be third party app compromised, but we will see.
— Graham Cluley (@gcluley) August 30, 2019
Some reporting from me from within the Discord of Jack's hackers.
—Hackers tried to rifle through Jack's private messages, but open DMs made it too hard to tell what was important
—Users in the chat had spelled out "DONALD TRUMP" in reaction emojishttps://t.co/T9U07aD1XP
— Ben Collins (@oneunderscore__) August 30, 2019
They later tweeted that his account was now secure while also assuring tweeps that their systems hadn’t been compromised.
Twitter's promise vs. Twitter's reality. pic.twitter.com/ilwgrw6we8
— Daniel Nazer (@danielnazer) August 30, 2019
i did my own investigation and what happened is that there are nazis on the platform https://t.co/cHlYIB67O9
— Kristin Chirico (@KristinChirico) August 30, 2019
lol I was so busy toiling in the content mines today that I missed @jack's account getting stolen by the very people he refuses to remove from this cursed website https://t.co/FsemD447JZ
— Rob (@robrousseau) August 30, 2019
Jack: 'We're committing Twitter to help increase the collective health, openness, and civility of public conversation'
Users: BUT WHAT ABOUT THE NAZIS?
Jack: pic.twitter.com/NXEVHgLclF
— James Whatley (inactive) (@Whatleydude) August 30, 2019
Cell service vulnerability
They later pointed out that an unknown telecom provider that Jack uses linked to his Twitter account was compromised adding that there wa security oversight by the provider that they allowed the hackers to post the tweets via text.
The Twitter Client used to post the tweets via text was revealed to be CloudHopper.
.@jack’s hacked tweets are being posted from an app called Cloudhopper, which is apparently an app Twitter acquired previously that had something to do with SMS. So his account appears not breached – but rather Jack’s account is still hooked up to an old service that got hacked. pic.twitter.com/V3U5rJXrDP
— James O'Malley (@Psythor) August 30, 2019
Cloudhopper was the name of the company we acquired eons ago to help bolster our SMS service. Apparently we still use the name as the client ID.
— Bryan Haggerty (@bhaggs) January 28, 2019
This hacker group is an upcoming one that recently hacked Twitter accounts of various YouTubers such as Shane Dawson and James Charles together with King Bach. The group was also reportedly behind gaining access to the Gmail account of the late Edmond Amofah.
Many victims put the blame on AT&T’s employees who illegally SIM swap users accounts leading to the breaches.
After a horrifying 20 minutes of n-words and actual Nazi propaganda being pushed from the CEO's hacked account, maybe Twitter will take the gamification of harassment and racism as seriously as its victims have been for years.
— Ben Collins (@oneunderscore__) August 30, 2019
SIM swapping Jack is probably the most likely scenario. It’s surprisingly easy to get carriers to give up your SIM with just a few account details. Also very hard to protect against
— Tom Warren (@tomwarren) August 30, 2019
The hackers poster links to a discord server but we’re quickly booted out of the platform.
This isn’t the first time Jack has been hacked. It was hacked by another hacker group in 2016 who also hacked Mark Zuckerberg’s and Sundar Pichai’s accounts.
What they’re saying:
The only reason you haven't been hacked yet is that no one that can hack you cares
yet
— Jason ✨Be Kind✨ Lemkin 🇮🇱 (@jasonlk) August 30, 2019
https://twitter.com/CaseyNewton/status/1167526748994641921
Twitter founder @jack had his account hacked. I'm not laughing at all, but if there's any justice in this world, he'll have to engage with @TwitterSupport like a normal victim and get a chance to see first hand how horrible the experience is. Hopefully this leads to some change. pic.twitter.com/9YPwzXuyNS
— Jake Williams (@MalwareJake) August 30, 2019
https://twitter.com/mslopatto/status/1167527923286302720
I feel bad for Jack Dorsey but this is what happens when your entire staff goes to Burning Man
— Tom Gara (@tomgara) August 30, 2019
It's a shame he doesn't know anyone at Twitter to fix it, and get his account back.
I would try Burning Man to reach someone if I was him. Half of Twitter must be there as we talk… https://t.co/RipbIkJQ92
— Pierre-Olivier Carles (@pocarles) August 30, 2019
Time to switch to better 2FA methods such as using Authenticator Apps.
https://twitter.com/benedictevans/status/1167543712043294720
Twitter tells BBC it is urgently investigating what has happened to @jack's account, would not say why the account hasn’t been suspended or deactivated yet as still looking into it. Looks like tweets have stopped, many of the offending tweets seem to be disappearing now.
— Dave Lee (@DaveLeeBBG) August 30, 2019
So @jack has had his Twitter account hijacked. Everyone should ensure they have 2FA enabled, use unique password, and double check what apps they’ve linked to their accounts. Hard to say at moment how he was compromised, but one of those reasons most likely.
— Graham Cluley (@gcluley) August 30, 2019
EVEN JACK was sim-hijacked. Put a pin # on your mobile accounts y’all https://t.co/rFWAKxKlIz
— nic nguyen (@nicnguyen) August 31, 2019
Check your apps peeps. Here’s a handy list to ensure your phone’s security is in top shape.
Everyone will say “make sure you use a secure password and enable 2FA” on Twitter but neither of those things matter if you auth third-party apps to your account. The source of the bad tweets was via cloud hopper, which jack has used before. Check your apps people 👋 https://t.co/iZZn0LEjnJ
— Tom Warren (@tomwarren) August 30, 2019
It’s all his fault. Jack had been warned before
Spoke with a former Twitter employee who said Dorsey's hack should be embarrassing for the CEO. That person says Dorsey, who is known to work only on his iPhone, was told to use a more secure laptop in the past but refused. Twitter declined to comment. https://t.co/z4X94rI9OK
— Ryan Mac 🙃 (@RMac18) August 30, 2019
Come on man
Among the apparent reasons Dorsey refused the laptop: He didn't like carrying things on his long walks.
— Ryan Mac 🙃 (@RMac18) August 30, 2019
Cloud of doubt
https://twitter.com/robprovince/status/1167528210676027393
Or he needed to get some things off his chest and obfuscated it with a bunch of other stuff that sounded "hacky." https://t.co/a5qMzlIurY
— Eric Spencer (@JustEric) August 30, 2019
feral hogs, bedbug stephens, jack being hacked. august 2019 is the easily the greatest month in twitter history. we may never get as pure a time as this ever again https://t.co/D8BkjTjGt5
— alex furlin (@thefurlinator) August 30, 2019
Watching the hacked account of this website's CEO and feeling not too keen about the POTUS tweeting about important Article II type stuff here
— Elizabeth Joh (@elizabeth_joh) August 30, 2019
https://twitter.com/jebus911/status/1167526285486239755
https://twitter.com/zabbadab/status/1167529387908091905
