Twitter CEO Jack Dorsey fell victim to a SIM swap fraud hack, Twitter reported on its @TwitterComms feed. The hack potentially exposed the bank account and payments information of one of the world’s most influential social media executives. In addition, the hackers were able to use their access to the high-profile account to post a number of racist and otherwise offensive tweets before Dorsey or Twitter could regain control of the account.
We're aware that @jack was compromised and investigating what happened.
— Twitter Comms (@TwitterComms) August 30, 2019
SIM swap fraud is an increasingly common type of eCommerce account takeover (ATO) fraud attack. The attack involves fraudsters successfully bypassing two-factor authentication in order to gain access to the target account. Once they have access, the fraudsters can then change package delivery information before making purchases and having the stolen merchandise shipped to their fraudulent drop off point.
Although things like tokenization and biometric security can help to prevent ATO attacks, it’s unclear if Dorsey enabled these methods. Without them, fraudsters are increasingly adept at gaining access to information such as passwords and social security numbers that can be used to successfully impersonate an account’s legitimate holder.
Twitter did not provide additional details about the specific methodology or compromised information used to carry out the attack. The @TwitterComms account did tweet out a message insinuating that the blame lay with Dorsey’s mobile provider, but declined to provide any detail. In addition, it stated hackers no longer controlled the account, which has presumably been returned to
“The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved,” the account said.
The fact that the CEO of Twitter could fall victim underscores the sophistication with which today’s cyber thieves operate, and the need for credit card consumers to remain vigilant about security at all times.