The hackers reference themselves as the “Chuckling Squad”. They also shared a link to a Discord server, where users were boasting about the hacks just before the account was hacked. Twitter later confirmed they have regained control of the account within half an hour and also debunked the bomb threat.
How Was the Account Hijacked?
Later that evening, the company put out a statement and blamed Dorsey’s mobile phone company for the hack. According to Twitter’s description of the attack, it appears that the hack was done by Sim swap attack. Sim Cards are like Identity card used by telecommunications networks. SIM swaps happen when a hacker is able to convince the telecom to switch a particular phone number to different Sim card. Hence, giving the hacker access to the phone number. This swap usually takes place through bribery or trickery of low-level employees. However, this doesn’t seem to be the case in this hack. Sim swaps work as the hacker can change the target’s social media password with a forgot password text message. However, Jack’s uses two-factor authentication login on his personal Twitter, and a single text won’t be enough for the hack. The Discord server that was shared by the hackers saw users sent messages to have a close view on Twitter before the hijack. The server was shut down after 1 pm.
This Breach isn’t New!
Dorsey isn’t the first CEO of a major tech company to suffer such an embarrassment. This isn’t the first time his account was hacked. Back in 2016, a hacking group known as OurMine Security took control of various celebrities and tech executives account, including Jack Dorsey, Sundar Pichai, and Mark Zuckerberg.