A group of hackers calling itself the Chuckling Squad hacked Twitter CEO Jack Dorsey’s own Twitter account on Friday afternoon, using the account to tweet out racist messages and other offensive messages.
A Twitter spokeswoman confirmed that Dorsey’s account, @jack, had been compromised and told Digital Trends that the company was investigating the hack, but could not give any additional details about how it happened. The account has a huge platform, with 4.2 million followers.
The hackers took over the account at some point on Friday afternoon, tweeting “#ChucklingSquad get it trending for the Twitter password,” just after 12:45 p.m. PT. More tweets, including some racist and anti-Semitic retweets, came from the account for about 15 minutes before being deleted. It’s not clear if the group also had access to Dorsey’s direct messages, though that’s likely if they had full access to his account.
We're aware that @jack was compromised and investigating what happened.
— Twitter Comms (@TwitterComms) August 30, 2019
The group also invited people to join its Discord server “to Chuckle with us,” though that server seems to have gone offline in the past hour.
.@Jack’s account has been hacked.
The Tweets are coming from a source called Cloudhopper. Cloudhopper was the name of the company Twitter acquired a long time ago to help bolster their SMS service.
Looks like the hackers are Tweeting via the old SMS service… pic.twitter.com/YcU3DTn9wS
— Sam (@Hooray) August 30, 2019
The tweets appeared to be posted from an app called Cloudhopper, an MMS company that Twitter acquired way back in 2010. It’s very possible that Dorsey had connected Cloudhopper to his account, granted it a variety of permissions, and then forgot it was there — until someone managed to hack Cloudhopper and use those permissions to get into the account.
One other possibility for the hack: Someone spoofed Dorsey’s phone number in order to access his account or even reset his password. Phone number spoofing is fairly accessible, which is why you get so many robocalls with fake numbers. Presumably, Dorsey should have some kind of additional protections on his account — seeing as he runs Twitter — but it looks like it may have some of the same vulnerabilities as a normal user.
A single Twitter account has enough power to move stock markets or sway geopolitics. Just look at President Donald Trump’s account, which has done both, but also was vulnerable enough that a Twitter contractor was able to delete it entirely in 2017.
This isn’t the first time Dorsey’s account was hacked — a group of hackers associated with the OurMine group took over his account in 2016.
This is a breaking news story and will be updated.