A slew of contentious tweets and racist slurs were retweeted from Twitter Chief Executive Jack Dorsey's account after it was hacked by a group called "Chuckling Squad" on Friday. Twitter secured the account later and called the incident a "security oversight".
An investigation by the social media company revealed that the phone number associated with the account was compromised due to a security oversight by the mobile provider.
The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.— Twitter Comms (@TwitterComms) August 31, 2019
Clarifying that Twitter's systems have not been compromised, the company explained that the phone number was used by the unauthorised person to log in and operate the account.
The controversial tweets that stated Adolf Hitler was innocent and racist slurs directed towards black people and jews. A tweet also suggested an "intel" which claimed that there was a bomb at the Twitter headquarters. All tweets including the one retweeted carrying problematic elements were deleted and the mentioned accounts suspended within half an hour.
The tweets also contained a link of Discord chat. The popular messaging app took down the server hosting the chat. A Buzzfeed reported that the discussions on the chat suggested that the hackers were planning to target President Donald Trump's account as well.
The tweets were sent via a company called Cloudhopper which was a text messaging service that Twitter acquired in 2010. The service linked user's twitter account with text messages and enabled direct posting on Twitter via a source that would include a "Cloudhopper" source at the bottom. It is suggested that a group calling themselves "Chuckling Squad" carried out the attack.
According to Verge, the group is also likely to be responsible for hacking the accounts of popular social media influencers, including makeup vlogger James Charles, comedian King Bach and Shane Dawson, earlier this week.
Users had suggested that their accounts were hacked following the SIM card swap conducted by AT&T employees.
Security researcher Brian Krebs also held SIM swapping attack as a possible hacking method used to target Dorsey's account. He told Reuters, Dorsey may have been the victim of the SIM scam, in which a mobile provider is tricked or otherwise convinced to transfer a targeted person's phone number to a SIM card, controlled by someone else.
While AT&T spokesperson had told Verge that they were working with law enforcement to help secure the account regarding the previous Youtube celebrity hackings, they have not commented on Dorsey's account compromise incident. Twitter has not revealed the name of Dorsey's service provider.
Dorsey's account was hacked previously in 2016 by a group called OurMine, which had also compromised the accounts of Google CEO Sundar Pichai and Facebook CEO Mark Zuckerberg. The group had said that it was "testing" the security.