Which makes the @jack hack potentially just the latest, and most high-profile, in a string of takeovers. Twitter confirmed the incident in a tweet—in case anyone thought Dorsey was intentionally making bomb threats from his account—and said that the company was “investigating what happened.”Some of the influencers who got hit in the last two weeks have blamed so-called SIM swap attacks , with a particular focus on AT&T. In a SIM swap, a hacker either convinces or bribes a carrier employee to switch the number associated with a SIM card to another device, at which point they can intercept any two-factor authentication codes sent by text message . (It’s hard to stop a determined SIM swapper, but at the very least you should switch from SMS two-factor to an authenticator app ). AT&T did not immediately respond to an inquiry from WIRED about the spate of hacks this month, or whether the @jack incident was related.
Twitter confirmed that it was a SIM issue in a tweet Friday evening.
One potential clue lay in the tweets themselves, which displayed as having been sent from the Cloudhopper client. Cloudhopper was a messaging infrastructure company that Twitter acquired in 2010 to better integrate its service with SMS. That’s led to some speculation that Dorsey was somehow still signed into Cloudhopper for all these years, and the hackers got a hold of that account. But that’s not quite right.