Starting around 5:45 AM AEST, the account of Twitter CEO Jack Dorsey sent out approximately 20 out-of-character tweets, which included the apparent names of a hacking crew, as well as racial slurs.
Among the tweets were allusions to a bomb threat, a link to the Discord chat server of the hacking crew, and a retweet reading “nazi germany did nothing wrong”. While it’s bad optics for the CEO of a tech company to be publicly hacked, it also opens up confidentiality concerns if Dorsey’s Direct Messages are now visible to outside parties.
These unauthorised tweets all display as being sent via Cloudhopper, a messaging infrastructure company acquired by Twitter in April 2010, which enabled users to easily connect to SMS carriers around the world. (At the time, Twitter said that it was processing close to a billion SMS tweets per month.)
Security experts on Twitter have been speculating that Dorsey may have connected his account to the Cloudhopper app and forgotten to revoke the privileges, potentially giving hackers a way to hijack his feed.
Twitter’s VP of Communications confirmed the breach some 15 minutes after it began, and it appears the platform has worked to remove the tweets and retweets that were posted to Dorsey’s account without his consent.
Yes, Jack’s account was compromised. We’re working on it and investigating what happened.
— Brandon Borrman (@bborrman) August 30, 2019