Jack Dorsey hacked: What did the hack on Twitter remind us of?

Hackers managed to take control of Twitter CEO Jack Dorsey's account for about 15 minutes on Friday afternoon.

Of course, right after that they started celebrating with tweets that were not so elegant. Before the technicians could get the account back and delete the tweets, the hackers announced their name: Chuckling Squad. It is a group that has recently managed to breach several YouTube star accounts.

 

Jack Dorsey

A brief hacking of a high-profile person's account may seem like a simple, or at least simpler, hack to hack into a company's systems.

However, this profile was the CEO of a large social media company, and was violated on his own platform.

After Friday's hack, we can focus on three points that many of us have probably forgotten.

Check your Twitter app permissions now.

The details of Friday's hack have not been revealed, but tweets from Dorsey's account appear to have been posted using a service called Cloudhopper.

Twitter acquired a startup called Cloudhopper in 2010. The app allows users to post tweets from their phone via SMS or text messages without connecting to Twitter. If Jack Dorsey had enabled Cloudhopper, this could have allowed hackers to post from his account without having to steal his Twitter password. There were also indications that they gained access to his mobile phone number through a technique called SIM-swapping, instead of his Twitter account.

Cloudhopper is not an accidental, malicious third-party application. It has long been integrated into Twitter itself. Surely no one knows if Dorsey could have prevented the attack by disabling it.

However, it is a good reminder that your account can be compromised through various applications and services that you have given access to and over time you have completely forgotten about them, as Dorsey may have forgotten Cloudhopper.

Checking your Twitter licenses should be frequent and if you have not done so it would be good to do so immediately. If you see applications that you do not recognize or trust, you should revoke their access to your account.

https://twitter.com/settings/applications

Let's look at Sim swapping

Security experts warn for a long time for a SIM replacement technique. Basically someone is convincing the mobile phone provider to change your SIM card. How; They can pretend to be you, or they can pay an employee, or work with someone in the company. We will not look for it, but it has happened and will continue to happen.

Once they get access to the card, they essentially have your phone: not the hardware but your phone line itself. This is of course a huge problem because the default method of protecting various online accounts is two-factor authentication, which often uses your hotline. So if an app like Facebook or Twitter asks for a verification code to give you access, the password will be sent to the phone of the person who stole your number.

In this case, it seems the hackers needed the phone number for Cloudhopper. Security investigators say Dorsey's account was probably created with a change of SIM, as this is the way the Chuckling Squad team is used.

Unfortunately, you can do nothing to fully protect yourself from an attack Sim-swapping. One measure that can help you is to use authentication applications such as Google Authenticator, instead of your phone number, for the two-factor authentication you use, to the services that allow it, of course.

 

It could have been worse

A hack on a CEO's account is not the best thing for a company's reputation. But imagine what could happen if President Trump's account was violated.

A capable hacker who could gain access to an account like Trump's could, in theory, cause significant damage.

Imagine being able to post tweets that shake up markets or move troops. Jack Dorsey has been saying for years that Twitter security is a top priority. After that it should review its user protection practices. So as not to look worse.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).