I’m willing to bet my life savings that thousands of social media accounts are hacked per day. I’d back this claim up, but the closest thing I could find regarding hacking statistics is a New York Post article from 2015, claiming that 160,000 Facebook pages are hacked per day.
Whether or not that statistic remains true today, there is a problem with social media security. Remember, it was only 3 years ago that over 32 million Twitter accounts’ passwords were breached. However, we don’t hear much about social media hacks unless the account belongs to a prominent figure. This week, we saw this in action when Twitter co-founder and CEO Jack Dorsey had his account hacked and used for…indecent tweets.
The Day of Tragedy
On August 30th, Jack Dorsey woke up to a surprise: his account had been hacked. During the time of the hack, his account sent out profane tweets, such as ones containing racial slurs and neo-Nazi rhetoric. Of course, I’m not going to go into detail about what was said, but I’m sure some of Dorsey’s 4.2 million followers screenshotted it for future evidence.
About a dozen tweets or more were sent out before the account was quarantined. So, when you think about it, 4.2 million people saw random racist tweets in their timeline. Not exactly a good look for Dorsey, since I doubt some of those followers will bother reading the news about his account being hacked.
One of the tweets sent out contained a link to a Discord server populated with the hackers, who were apparently attempting to sift through Dorsey’s private messages and were seemingly praising United States President Donald Trump. Fortunately for Dorsey, they weren’t successful in their endeavor.
The Discord server was shut down quickly after the link was posted and Dorsey got his Twitter account back soon after. But the question remains: how did they get in? Was it a simple IP address hack? Maybe a complex hack that took years to set up?
The Method of Attack
The attack was actually quite simple. The hackers performed what is known as a “SIM hack”. Twitter has a text-to-tweet service run by provider Cloudhopper, which allows a user to use their phone number as a way to tweet; just text 40404 what you want to tweet and it’ll be tweeted to the account the phone number is linked to. Simple, easy, and convenient.
However, it’s dangerous. Twitter posted a statement claiming that Cloudhopper experienced a security oversight that let the hackers, the group Chuckling Squad, assign Dorsey’s phone number to their own phone, letting them tweet whatever they texted onto his account.
There’s been a rise in SIM hacks, though not many are used to attack social media accounts. However, Chuckling Squad is known for hacking online influencers; Dorsey was just the next victim on their list. Who’s next, I wonder?
While Cloudhopper can be blamed for the attack, Twitter has responsibility in this issue as well, since the text-to-tweet service is run by them. You’d think that the CEO’s account would be protected more than a regular user’s account, considering that, you know, the CEO is the face of the company. As I mentioned earlier, not everyone who saw those tweets will know it was a hacker saying it, so it’s almost guaranteed that this incident will damage Dorsey’s and Twitter’s reputations.
Overall, this is a pretty bad look for Twitter. I’m sure Jack Dorsey will never be able to live it down, and I predict a bunch of security improvements for their text-to-tweet service in the future. That is, if they care about this situation not happening again, and I’m sure they do since it affected the company itself. Or maybe we’ll be talking about all this again real soon. Who knows anymore?