Twitter CEO Jack Dorsey's ongoing mission to increase the vitality of public discourse suffered a setback Friday when an anonymous hacker took over his account for 20 minutes and retweeted @taytaylov3r's claim that "Nazi Germany did nothing wrong. "
(19659002) (Twitter, which you probably know if you've spent some time there, has an ongoing, well-documented problem with Nazis, white supremacists and other extremists. It seems taytaylov3r's account has since been suspended.)
The account hijacking appears to have started around 3:45 pm ET, when the @ jack account fired nearly two dozen tweets and retweets. Several of the tweets were tagged #ChucklingSquad, the name of an apparent group of hackers who have been involved in an account takeover this week. Prior to Dorsey, they met many influencers, including Zane Hijazi of the popular "Zane and Heath" podcast, and Anthony Brown, of BigJigglyPanda . Chuckling Squad also appears to have compromised and posted ridiculous messages to the account of YouTuber Etika, which was found dead in June.
Which makes the @ jack hack potentially just the latest and most high-profile, in a series of acquisitions. Twitter confirmed the incident in a tweet – in case someone thought Dorsey intentionally made bomb threats from his account – and said the company was "investigating what happened."
Twitter has not yet offered any more details about what happened here. While Chuckling Squad's mode modus operandi is still unknown at this time, some of the influences hit over the past two weeks have blamed so-called SIM swap attacks, with a particular focus on AT&T. In a SIM swap, a hacker persuades or hacks an employee to swap the number associated with a SIM card to another device, at which time they can cut off any two-factor authentication codes sent by text message. (It is difficult to stop a specific SIM switch, but at least you should switch from SMS-to-factor to an authentication app). AT&T did not immediately respond to a WIRED inquiry about the mound of hacks this month, or whether the @jack incident was related.
A potential clue may lie in the tweets themselves, which turned out to be sent from the Cloudhopper client. Cloudhopper was a messaging infrastructure company that Twitter purchased in 2010 to better integrate its service with SMS. It has led to some speculation that Dorsey was somehow still logged into Cloudhopper all these years, and the hackers got hold of that account. But that doesn't quite match.