Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Twitter CEO Account Hacked, Offensive Tweets Posted

Twitter said Friday the account of chief executive Jack Dorsey had been “compromised” after a series of erratic and offensive messages were posted.

The tweets containing racial slurs and suggestions about a bomb showed up around 2000 GMT on the @jack account of the founder of the short messaging service before being deleted.

Twitter said Friday the account of chief executive Jack Dorsey had been “compromised” after a series of erratic and offensive messages were posted.

The tweets containing racial slurs and suggestions about a bomb showed up around 2000 GMT on the @jack account of the founder of the short messaging service before being deleted.

Some of the tweets contained the hashtag #ChucklingSquad, which was believed to indicate the identity of the hacker group. The same calling card was left behind during recent hacks of other high-profile social media personalities.

The messages contained racial epithets, and included a retweet of a message supporting Nazi Germany.

Twitter said that the phone number associated with Dorsey’s account was “compromised due to a security oversight by the mobile provider,” allowing a hacker to posts tweets to @jack by sending text messages.

Dorsey’s account has been secured and there was “no indication that Twitter’s systems have been compromised,” according to the San Francisco-based internet firm.

It appeared that tweets posted on Dorsey’s account by the hacker were up for about a half-hour before they were removed.

Pinned atop Dorsey’s account was a tweet from early last year saying: “We’re committing Twitter to help increase the collective health, openness, and civility of public conversation, and to hold ourselves publicly accountable towards progress.”

A barrage of comments fired off on the platform questioned why the Twitter co-founder didn’t secure his account better, and how disturbing a sign it was that the service couldn’t keep its own chief safe on the platform.

“If you can’t protect Jack, you can’t protect… jack,” one Twitter user quipped.

The news comes with Dorsey and Twitter moving aggressively to clean up offensive and inappropriate content as part of a focus on “safety.”

“This might be the only way to get rid of racist tweets on this platform,” a Twitter user commented.

– What happened? –

British-based security consultant Graham Cluley said the incident highlighted the importance of two-factor authentication, where a user must confirm the account via an external service.

Cluley advised people to make sure they use two-factor authentication and check which applications are linked to their accounts.

“While it looks bad, it’s important to remember this is not some state-grade hack,” said R. David Edelman, director of technology, economy, and national security project at Massachusetts Institute of Technology.

“It’s fundamentally an act of petty vandalism; the equivalent of spray painting a billboard above Twitter HQ.”

Cybersecurity researcher Kevin Beaumont said the account appeared to have been hijacked “via a third party called Cloudhopper, which Twitter acquired about 10 years ago and had access to his account.”

Cloudhopper enables users to send tweets on their phones via SMS.

“While it’s tempting to laugh at the irony of it, the real-world consequences don’t make it funny,” University of Hartford communications professor Adam Chiara said of Dorsey’s account being hacked.

“Twitter can tell us that they are becoming more diligent with our privacy and security, but actions speak louder than words.”

The incident raised fresh concerns about how social media users — even prominent ones — can have their accounts compromised and used for misinformation, a point highlighted by Canadian member of parliament Michelle Rempel Garner.

“Between bots, trolls and abuse, I’ve been skeptical about @Twitter as a viable platform for some time now,” Rempel Garner wrote.

“But the fact it took the platform’s owner (@jack) about 30 min to get his hacked account under control is deeply problematic, and makes me worry as an elected official.”

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.