Jack Dorsey's Twitter Account Hacked via SIM Swap Attack

Jack Dorsey, co-founder and chief executive of Twitter, had his personal account on the platform compromised by hackers on Friday, August 30, 2019. The breach, which lasted approximately 15 to 20 minutes, resulted in the posting of offensive and racist remarks, as well as a bomb threat.

Account Compromise Details

The @jack account, which has over four million followers, began tweeting and retweeting controversial messages around 3:45 pm Eastern time, or shortly before 1 p.m. in San Francisco. These messages included racial slurs, anti-Semitic remarks, and a bomb threat directed at Twitter's headquarters. One retweet from @taytaylov3r claimed "nazi germany did nothing wrong." Another tweet from the compromised account linked to a Discord chat and retweeted a message that read, "follow me i am jacks daddy." The tweets were removed within about 20 minutes of publication.

A group identifying itself as the Chuckling Squad claimed responsibility for the breach, tagging several tweets with #ChucklingSquad. Twitter confirmed the incident in a tweet and stated that the company was "investigating what happened."

Method of Attack: SIM Swapping

Twitter stated that its own systems were not compromised, attributing the incident to a security oversight by an unnamed mobile operator. A company spokesperson explained, "The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorised person to compose and send tweets via text message from the phone number. That issue is now resolved."

Sources at the company and familiar with the situation confirmed that the hackers used a technique known as "SIM swapping" or "SIM jacking" to gain control of Dorsey's account. This technique involves transferring an existing phone number, in this case, one associated with Dorsey's account, to a new SIM card. This is typically achieved after attackers trick or bribe customer support staff at a mobile provider. By taking control of the phone number, the attackers were able to post tweets via text message directly to Dorsey's Twitter account.

While most users today tweet via mobile apps, Twitter's original design allowed for updates via text message, a feature that has been maintained, partly for use in developing countries with high data costs. Some influencers affected by similar attacks in the two weeks prior to Dorsey's incident have specifically blamed AT&T for SIM swap vulnerabilities.

Chuckling Squad's Previous Activities

The Chuckling Squad has taken credit for a series of high-profile Twitter account takeovers. Prior to the breach of Dorsey's account, the group targeted numerous influencers. These included Zane Hijazi of the Zane and Heath podcast and Anthony Brown, known as BigJigglyPanda. The group also appears to have compromised and posted mocking messages to the account of YouTuber Etika, who was found dead in June. Another beauty vlogger, James Charles, was also mentioned as a target of the Chuckling Squad.

A chat channel on Discord was reportedly set up by the group to discuss and joke about the attack on Dorsey's account, but it was quickly shut down. The incident, while attributed to an external security lapse, represents an embarrassing event for Twitter and its CEO.

Key Facts

• Jack Dorsey's Twitter account was compromised on Friday, August 30, 2019.
• The breach lasted approximately 15 to 20 minutes.
• The hackers posted racial slurs, anti-Semitic remarks, and a bomb threat.
• The group responsible identified itself as the Chuckling Squad.
• The method of attack was a "SIM swap" or "SIM jacking," exploiting a mobile provider's security oversight.
• Twitter's internal systems were not compromised.