Jack Dorsey’s Twitter account was attacked on August 30. The attackers broke through the account's access protection and flooded it with abusive content. The antisemitic posts were publicly displayed to all 4.2 million followers of the Twitter CEO for 15 minutes before the team won the account back.
The technical specialists found that the hackers got in through the text-to-tweet service provided by Cloudhopper. This feature lets Twitter users post messages to the platform when they cannot access their Twitter account or only have a basic phone without apps. Experienced Twitter users know that a tweet is sent by texting the code 40404. After that, the system asks for the phone number attached to the account, and the post is published. This is an utterly unsafe method, because anything can be sent on behalf of another person without the consent of the account owner.
As a result, this very “security oversight” allowed the black hats to take over Dorsey’s account; besides, he is a public person and it is not difficult to get his number. Experts classify this as a widely used SIM card hacking method. The name of the group behind it has also been disclosed: Chuckling Squad, and this is not the first case for these jokers. Earlier, they did the same trick with AT&T, which is another carrier of Dorsey, but the company didn’t reply to a request for comment on the incident.
This attack proves the need for access encryption once more. Twitter intended to ease the posting procedure and make the service available for everyone, but in practice, it backfired on them.