The CEO of Twitter just got his account hijacked, apparently by SEO Strategist Malkam Dior and a bunch of SIM swappers who've been targeting high-profile people and celebrities of late.
Maybe this will finally get some real attention to the epidemic of SIM swapping happening right now?
If they can do that to the Twitter CEO, what’s left for the rest of the world?
According to our snitches at CNN, CEO Jack Dorsey's account on the social network was hacked Friday afternoon. A series of racist and otherwise offensive tweets went out from his account.
The company's communications team confirmed in tweets of their own that Dorsey's account had been compromised. Twitter directed CNN Business to its tweet about the hack but declined to comment further.
All of the offensive tweets, which included racist and anti-Semitic posts, have since been deleted.
The tweets were labeled as posted by Cloudhopper, an SMS company Twitter purchased in 2010, back when some users regularly texted their tweets. Today, if a US phone number has a registered Twitter account and sends a text to 40404, that account will post the text, and it will be labeled as coming from Cloudhopper.
CNN confirmed this would work using a newly registered account, which Twitter automatically opted in to texting by tweet. Then, with a phone that has never been used to log into Twitter, and without ever being asked for any password, a CNN reporter was able to send a tweet by text.
Hackers could potentially use this method to send tweets from other accounts belonging to prominent figures (including American elected officials who are frequent Twitter users, like President Trump) so long as the targets haven't opted out of tweeting by text.
This method of tweeting may have once seemed like a useful and harmless feature. But a phone number is considered a far less secure identifier today than it was in 2010. The past few years have seen the rise of "sim jacking," in which a hacker will convince a phone carrier that they've lost their SIM card and request that the number be transferred to a new card.
Phone numbers can also be imitated without "sim jacking." Security researchers have previously been able to spoof a phone number associated with an account and convince Twitter to let them post tweets that way. Twitter said at the time it was a bug that had been resolved.
In 2012, Twitter published a blog post responding to reports that it might be possible for hackers to spoof a phone number and send tweets by text in this way. In that post, it specifically denied that US users could be vulnerable to such a hack.
Twitter declined to comment beyond its tweets about Dorsey.
To review our Friday so far:
Someone using the President's Twitter handle posted a smartphone picture of Top Secret reconnaissance photos, and the CEO of Twitter had his account hacked by someone who then posted racist, pro-Nazi messages.