Last week, the Twitter account of Twitter CEO Jack Dorsey was hacked by a group that calls itself the Chuckle Squad. The security breach did not last very long, thankfully, but the unauthorized users were still able to temporarily use the account to post tweets on various controversial topics.
The method used to hack the account was an indirect text-to-tweet service feature that allows users to instantly post a tweet by entering 404-04 plus the number associated with a specific Twitter account. In this case, the hackers were somehow able to get hold of Jack Dorsey’s phone number that was connected to his main Twitter account. It was then just a simple matter of texting anything and sending it using his phone number plus the aforementioned 404-04 shortcode in order for his Twitter account to post tweets outside his active control.
The official report has stated that the incident was due to a “security oversight by the mobile provider”. An old company, Cloudhopper, was the firm responsible for the SMS integration service used to hack the account. Although Twitter acquired the company several years ago, its service became integral to the company’s mobile communication platform. In fact, when you use the same text-to-tweet service, the tweet will indicate the source of the post as “Cloudhopper”.
The tweets made by the hackers, as mentioned, covered topics that were mainly controversial in nature, such as racism and conspiracy theories, among others. Some other tweets were calls to action aimed at the account’s 4.2 million followers, goading them to make the posts trend, or even directly posting a Discord server link for people to join.
The security breach lasted for about 15 minutes before the hackers were no longer able to post new tweets, and the numerous unauthorized offensive tweets made were removed. After the incident, Twitter posted an official update stating that:
As for the hacking group itself, Chuckle Squad seems to have been actively carrying out similar activities for the past few years, also targeting similarly high-profile figures within the industry. According to Treyex Hub, at least “ten social media influencers” got their Twitter accounts hijacked by Chuckle Squad within just this year. The end objective is the same: acquire their phone numbers, then use them to indirectly post unauthorized tweets.
To be fair, this was not the first time that the Twitter CEO’s own Twitter account was hacked. Three years ago in 2016, another group, named OurMine, was also able to indirectly access Jack Dorsey’s account. At that time, though, the post was mostly benign, a simple warning message saying “testing your security”.
Featured Image credit by Sam via Twitter