How Twitter CEO Jack Dorsey's Account Was Hacked

Jack Dorsey’s ongoing mission to increase the civility of public discourse suffered a setback Friday, when an anonymous hacker took over his Twitter account for 20 minutes and retweeted @taytaylov3r’s claim that “nazi germany did nothing wrong.”Twitter, as you likely know if you've spent any time there, has an ongoing , well-documented problem with Nazis, white supremacists, and other extremists. It appears taytaylov3r's account has since been suspended.The hijacking of the company CEO's account appears to have started at around 3:45 pm Eastern time, when the @jack account fired off nearly two dozen tweets and retweets. Several of the tweets were tagged #ChucklingSquad, the name of an apparent group of hackers who have been on an account-takeover spree this week. Before Dorsey, they hit numerous influencers, including Zane Hijazi of the popular Zane and Heath podcast, and Anthony Brown, who goes by BigJigglyPanda. Chuckling Squad also appears to have compromised and posted mocking messages to the account of YouTuber Etika, who was found dead in June.
Which makes the @jack hack potentially just the latest, and most high-profile, in a string of takeovers. Twitter confirmed the incident in a tweet—in case anyone thought Dorsey was intentionally making bomb threats from his account—and said that the company was “investigating what happened.”

Brian Barrett via Twitter
Some of the influencers who got hit in the last two weeks have blamed so-called SIM swap attacks , with a particular focus on AT&T. In a SIM swap, a hacker either convinces or bribes a carrier employee to switch the number associated with a SIM card to another device, at which point they can intercept any two-factor authentication codes sent by text message . (It’s hard to stop a determined SIM swapper, but at the very least you should switch from SMS two-factor to an authenticator app ). AT&T did not immediately respond to an inquiry from WIRED about the spate of hacks this month, or whether the @jack incident was related.

Twitter confirmed that it was a SIM issue in a tweet Friday evening.

One potential clue lay in the tweets themselves, which displayed as having been sent from the Cloudhopper client. Cloudhopper was a messaging infrastructure company that Twitter acquired in 2010 to better integrate its service with SMS. That’s led to some speculation that Dorsey was somehow still signed into Cloudhopper for all these years, and the hackers got a hold of that account. But that’s not quite right.