The Twitter account of Twitter and Square CEO Jack Dorsey, @jack, has been hacked.
According to the official Twitter Communications account, an investigation into the matter found “no indication” that the platform’s computer systems had been hacked.
A few hours after the incident, Twitter’s management revealed:
“The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”
Friday’s @jack hack ignited a firestorm on crypto Twitter, with enthusiasts saying the hack of Dorsey’s Twitter handle is a red-hot alert for anyone operating online accounts, including people who use their smartphones to transact in Bitcoin and other cryptocurrencies or to manage private passwords and other sensitive details associated with their accounts.
The hackers, who exploited Twitter’s text-to-tweet service Cloudhopper, tweeted racist comments and other offensive messages for about 15 minutes before the Twitter security team managed to regain control of Dorsey’s account.
The attack, known as SIM hacking, involves convincing the victim’s mobile carrier to assign the victim’s number to another phone that is controlled by the hackers. It’s a fairly old hacking technique that is now increasingly being used to steal Bitcoin and other cryptocurrencies.
Sometimes, hacking an account can be as straightforward as entering a leaked password. In order to prevent an account from being compromised in this manner, users can add a PIN code to their accounts. With enough technical expertise, they can also register internet accounts like Twitter via dummy phone numbers.
Crypto traders and investors on Twitter reacted with recommendations of extreme caution.
ATTENTION: If the CEO of Twitter can get his account hacked on his own platform, I promise your bitcoin is likely MUCH more vulnerable.
Use two-factor authentication wherever possible.
Get your bitcoin off exchanges.
— Rhythm (@Rhythmtrader) August 30, 2019
Users suggested not associating a phone number with Twitter accounts.
Other users questioned Twitter’s ability to provide an adequate level of security.
if jack dorsey of all people can be hacked out of his twitter acc, what does that say about twitter's security?
— Andrés Cardoza (@leantath) August 30, 2019
Meanwhile, Twitter user Crux explains how the hack might have occurred.
They were able to gain access to his account because someone working for his mobile carrier was able to switch his phone # to a burner phone, and with 2 Factor Authentication if you have the phone number tied to an account you can gain access to it by resetting the password.
— Crux (@Crux_R6) August 31, 2019
So in other words, it was mostly the fault of the carrier for having employees who are so willing to change a person's account details without actually speaking to the account holder. But there is something to be said about the ease at which this was accomplished on Twitter's end.
— Crux (@Crux_R6) August 31, 2019
Dorsey, a Bitcoin enthusiast, launched Square Crypto earlier this year to spur development of the Bitcoin network and to spark mainstream adoption.