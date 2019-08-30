Latest in Entertainment

Image credit: Matt Crossick - PA Images via Getty Images
Twitter CEO Jack Dorsey's account has been compromised, again

It appears hackers are using SMS to send messages from the exec's account.
Richard Lawler, @Rjcc
1h ago in Security
Securing accounts online can be difficult, especially when you've got a lot of legacy access points laying around. Today's example is Twitter CEO Jack Dorsey, whose Twitter account has suddenly been hijacked to send random messages and racial slurs. A quick look at the messages (which are quickly being deleted) identifies their source as Cloudhopper, an SMS service Twitter acquired back in 2010.

While newer users may not remember this period, but there was a time when SMS was the main way to use Twitter, and some have noted that Dorsey was still posting using text messages as recently as this year. Twitter announced that it is aware the account has been compromised and is investigating. I confirmed on my own account that texting 40404 from my registered number still works, and identifies the tweet's source app as Cloudfront. With no option for other protections, tweeting from Dorsey's account (or anyone else's) is just as easy as pulling off the increasingly common SIM hijack to steal their phone number.

This isn't the first time someone's used a backdoor to send messages from Dorsey's account, however. In 2016, the group calling itself "OurMine" hijacked a number of high-profile accounts, including @Jack, and alleged that Vine stored passwords insecurely.

Coverage: Washington Post
In this article: cloudhopper, entertainment, internet, jack dorsey, security, services, sms, Twitter
