Twitter Inc. Chief Executive Officer Jack Dorsey’s account sent out a stream of offensive tweets on Friday (30th Aug 2019) in what the company said was a hack.
More than 15 tweets, many containing swear words and racist comments, were posted shortly before 4 p.m. New York time. The company started deleting the tweets from Dorsey’s verified Twitter account, which has more than 4 million followers, about 20 minutes after the messages went viral.
“Yes, Jack’s account was compromised,” Twitter spokesman Brandon Borrman wrote in a tweet. “We’re working on it and investigating what happened.” The company later said there was “no indication that Twitter’s systems have been compromised,” but said it needed to investigate further before saying what happened.
Some of the tweets used anti-black slurs, praised Hitler and talked about a bomb at Twitter’s headquarters. Many of them referenced the Chuckling Squad, a group that took credit for the hack of several YouTube and Instagram stars earlier this month, including James Charles, Shane Dawson, King Bach and Amanda Cerny.
A Twitter spokesman said the company was unlikely to have answers about what happened to its CEO’s account for a few more days.
After Dorsey’s hack, other Twitter users expressed concern that an even more prominent and prolific user — President Donald Trump — could be just as easily hacked, affecting global political relations. Trump, who often uses the service to publicize policy decisions, expressed little concern about that scenario.
“Well, I hope they’re not hacking my account, but actually if they do, they’re not going to learn too much more than what I put out, right?” Trump told reporters Friday evening as he left the White House. “Shouldn’t be too bad.”
Twitter declined to comment on the security measures Dorsey uses. His account was hacked in 2016 through a connection to his Vine account, so he likely uses some form of two-factor authentication. That suggests a more sophisticated attack. One possibility is a SIM-card swap, in which a hacker called Dorsey’s wireless carrier and convinced them to switch his number to a new SIM card. Such swaps are possible because hackers can gather personal information on the dark web and use it to validate the account, according to Lawrence Pingree, a research vice president at Gartner Inc.
“You can call in and say, ‘I bought a new phone and I need a new SIM card assigned to this number,’” he said. If the caller provides the correct information, they might succeed, and the problem is made worse because call centers handle so many calls, Pingree added.
The tweets were sent via a service called Cloudhopper that allows tweeting via SMS. Twitter acquired Cloudhopper in 2010.