Twitter is in a weird position right now. CEO Jack Dorsey’s account was hacked on Friday by a group which calls itself ‘Chuckle Squad.’ It wasn’t just hacked, the miscreants tweeted racial statements, antisemitic messages and Holocaust denial from Dorsey’s account. These tweets were there for about 10 minutes but they have been deleted. Twitter Comms confirmed that such an incident has happened.
The account is now secure, and there is no indication that Twitter's systems have been compromised.
— Twitter Comms (@TwitterComms) August 30, 2019
Twitter was quick to blame Dorsey’s cell carrier, saying that “the phone number associated with the account was compromised due to security oversight by the mobile provider.” They mean to say that this loophole allowed the hackers to send the tweets using text messages.
A user pointed out that the tweets came via Cloudhopper, a company that Twitter previously acquired to help with its SMS service. So, if people staying in the US text 404-04 from the phone number linked to their Twitter account, that text will be posted to Twitter. Here the source in the tweet will be given as “Cloudhopper.”
.@Jack’s account has been hacked.
The Tweets are coming from a source called Cloudhopper. Cloudhopper was the name of the company Twitter acquired a long time ago to help bolster their SMS service.
Looks like the hackers are Tweeting via the old SMS service… pic.twitter.com/YcU3DTn9wS
— Sam (@Hooray) August 30, 2019
‘Chuckle Squad’ has a bit of history. Apparently, this is the same group that attacked a number of YouTube celebrities last week on Twitter, including Shane Dawson, beauty vlogger James Charles, and comedian King Bach. Many people are under the impression that their accounts were hacked following a SIM card swap conducted by AT&T employees.
On this, an AT&T spokesperson responded, “We are working with law enforcement, have restored the customers’ service, and discussed ways to secure the account.”
This isn’t the first time Dorsey’s account was hacked. It has been hacked before, in 2016. The security firm OurMine hacked @Jack and sent a message “testing your security.” The tweet also had a video and a link to OurMine’s website. This is the same hacker group that had hacked other CEOs, like Google’s Sundar Pichai and Facebook’s Mark Zuckerberg.