Securing accounts online can be difficult, especially when you’ve got a lot of legacy access points lying around. Today’s example is Twitter CEO Jack Dorsey, whose Twitter account was suddenly hacked to send random messages and racial slurs.
The Twitter account of Chief Executive Officer Jack Dorsey was hacked on Friday for approximately 20 minutes and was used to tweet and retweet dozens of racist posts. The rapid stream of tweets included many offensive comments. Some of the tweets contained the hashtag #ChucklingSquad, which was believed to indicate the identity of the hacker group.
Twitter confirmed the hack and regained control of the hacked account within 30 minutes, saying that it had found no indication that Twitter’s systems were compromised. Twitter’s description of the breach indicates that the hack was achieved by what is known as a SIM swap attack.
SIM swaps often work by enabling a hacker to change a target’s social media passwords. With control of the target’s phone number, a hacker can easily gain access to the account: they can intercept the text messages needed for two-factor authentication, an additional form of verification beyond a password that usually comes via a text message or email.
Twitter said that the phone number associated with the account was compromised due to a security oversight by the mobile provider, which then allowed an unauthorised person to compose and send tweets via text message from the phone number. Twitter has confirmed that the issue is now resolved.
This incident raised fresh concerns about how social media users, even prominent ones, can have their accounts compromised and used for misinformation.