It’s always worrying when a social media company cannot keep
its own employees from being hacked; especially its own CEO.
Twitter’s CEO, Jack Dorsey, got an unpleasant shock when a
group of hackers/vandals managed to gain access to his Twitter account. During
this time they posted a plethora of offensive messages and plugs for their
Discord channel. 15 minutes after the first post, Twitter had managed to take
control of the account again.
The hackers got in through Twitter’s text-to-tweet service,
operated by the acquired service Cloudhopper. With Cloudhopper, Twitter users
can post tweets by texting messages to an SMS number, usually 40404. It’s a
useful trick for “SimplePhones” or if you just don’t have access to the Twitter
The hackers got access to Dorsey’s account by convincing a
carrier to assigning Dorsey’s number to a new phone that they controlled. This
kind of attack is called SIM hacking.
Making it easier to post on Twitter also made it more vulnerable
to hacking. The problem is that SIM Swapping Hacking has been around for ages
and is relatively easy to do.