Jack Dorsey hacked: What did the hack on Twitter remind us of?

Hackers managed to take control of the account of Twitter CEO Jack Dorsey for about 15 minutes on Friday afternoon.

Of course, right after that they started celebrating with tweets that were not so elegant. Before the technicians could get the account back and delete the tweets, the hackers announced their name: Chuckling Squad. It is a group that has recently managed to breach the accounts of several YouTube stars.

 


Briefly hijacking a high-profile person's account may seem like a simple hack, or at least a simpler one than breaking into a company's systems.

However, this particular profile belonged to the CEO of a large social media company, and it was hacked.

After Friday's hack, we can focus on three points that many of us have probably forgotten.

Check your Twitter app permissions now.

The details of Friday's hack have not been revealed, but tweets from Dorsey's account appear to have been posted using a service called Cloudhopper.

Twitter acquired a startup called Cloudhopper in 2010. The service allows users to post tweets from their phone via SMS text messages without logging into Twitter. If Jack Dorsey had enabled Cloudhopper, it may have allowed hackers to post from his account without having to steal his Twitter password. There were also indications that they gained access to his phone number, through a technique called SIM swapping, rather than to his Twitter account.

Cloudhopper is not some random, malicious third-party application. It has long been integrated into Twitter itself. No one knows for sure whether Dorsey could have prevented the attack by disabling it.

However, it is a good reminder that your account can be compromised through the various applications and services that you have given access to and, over time, completely forgotten about, as Dorsey may have forgotten Cloudhopper.

You should check your Twitter app permissions frequently, and if you have not done so, it would be good to do so immediately. If you see applications that you do not recognize or trust, you should revoke their access to your account.

https://twitter.com/settings/applications

Let's look at SIM swapping

Security experts have long warned about the SIM swapping technique. Basically, someone convinces your mobile phone provider to replace your SIM card. How? They can pretend to be you, or they can pay an employee, or work with someone inside the company. We will not dig into it, but it has happened and will continue to happen.

Once they gain access to the card, they essentially have your phone: not the hardware, but your phone line itself. This is of course a huge problem, because the default method of protecting various online accounts is two-factor verification, which often uses your phone line. So, if an application such as Facebook or Twitter asks for a confirmation code to let you in, the code will be sent to the phone of the person who stole your number.

In this case, it seems the hackers needed the phone number for Cloudhopper. Security researchers say Dorsey's account was probably compromised through a SIM swap, as this is the method the Chuckling Squad group uses.

Unfortunately, there is nothing you can do to fully protect yourself from a SIM swapping attack. One measure that can help is to use authentication apps, such as Google Authenticator, instead of your phone number for two-factor authentication, on the services that allow it, of course.

 

It could have been worse

A hack on a CEO's account is not the best thing for a company's reputation. But imagine what could happen if President Trump's account were breached.

A capable hacker who gained access to an account like Trump's could, in theory, cause significant damage.

Imagine being able to post tweets that shake up markets or move troops. Jack Dorsey has been saying for years that Twitter security is a top priority. After this, the company should review its user protection practices, so that things do not look worse.


Written by giorgos
