Is it really hacking when they just pull back the curtain and everyone sees the true Jack Dorsey?
posted by tclark at 3:22 PM on August 30, 2019 [23 favorites]

Why doesn't anyone witty ever get into hacking?
posted by selfnoise at 3:24 PM on August 30, 2019 [27 favorites]

I mean, if someone really wanted to make headlines by hacking @jack, the tweet would be “I have seen the light. It is time to ban the Nazis.”
posted by FallibleHuman at 3:36 PM on August 30, 2019 [62 favorites]

It's been pointed out in several places that Discord reacted much faster to the hackers using Jack's account to link to a discord chat than Twitter did to its CEO's account being compromised.
posted by ethansr at 3:39 PM on August 30, 2019 [21 favorites]

Apparently the account was compromised and tweeting unsanctioned things for a *full 15 minutes.* Which in Twitter land is akin to several geological aaaaaages.

Shows what a bunch of chucklefucks are running things over there..
posted by Faintdreams at 3:49 PM on August 30, 2019 [5 favorites]

I'm gonna go with 'seems to have been hacked, maybe' until having more proof.
posted by signal at 3:49 PM on August 30, 2019 [4 favorites]

Ah yes, the old "my account was hacked" defence. ¯\_(ツ)_/¯
posted by SonInLawOfSam at 4:10 PM on August 30, 2019 [7 favorites]

I happened to be on Twitter when this went down. The comments were typical script kiddie vulgarities for the lols, and shoutouts to friends. The pearl clutching tweets in between the slurs and braggadocio was darkly funny. My favorite hacker comment was one that read 'Unsuspend my shit u bald skeleton head tramp.'

posted by KHAAAN! at 4:39 PM on August 30, 2019 [14 favorites]

SMS 2-factor auth is just extra work for hackers and is fundamentally insecure. Please stop wasting everyone's time with it.
posted by GuyZero at 4:55 PM on August 30, 2019 [4 favorites]

SMS 2-factor auth is just extra work for hackers

I mean, that's kind of the point. What do you propose instead? TOTP? I'm fine with that, but good luck getting the average user to adopt it. Most people can't even be bothered with SMS-based 2FA.
posted by escape from the potato planet at 5:05 PM on August 30, 2019 [2 favorites]

Now imagine this was President Trump's account, and it was hacked by someone who had a more clever idea than "hurf durf I'll tweet some offensive things".
posted by Nelson at 5:08 PM on August 30, 2019 [13 favorites]

I feel like the problem with SMS 2FA is that it's too easy to fraudulently take over a phone number, and it's too easy to fraudulently take over a phone number because FCC rules require it to be too easy to take over a phone number. It's no longer 2004 where voice calls are the only thing phone numbers are good for, if you want to take your old number to a new carrier you should at least have to do that in person, with a photo ID, and your current cell phone. If you can't manage that, then a new phone number might be right for you.
posted by Mr.Encyclopedia at 5:16 PM on August 30, 2019 [5 favorites]

> Now imagine this was President Trump's account, and it was hacked by someone who had a more clever idea than "hurf durf I'll tweet some offensive things".

There is another theory which states that this has already happened.
posted by glonous keming at 5:19 PM on August 30, 2019 [23 favorites]

How imagine this was President Trump's account, and it was hacked by someone who had a more clever idea than "hurf durf I'll tweet some offensive things".

At this point we send in Kurt Russell on a glider to retrieve the President's twitter password before the nukes are in the air.
posted by Query at 5:33 PM on August 30, 2019 [17 favorites]

“Just imagine the head of Twitter's security team right now, on seven different kinds of mushrooms, nude, in a giant bamboo steampunk rocketship called the Love Temple, ignoring his push notifications” @tomgara
posted by The Whelk at 6:23 PM on August 30, 2019 [19 favorites]

"Sorry, my friend used my phone!"
posted by madajb at 6:53 PM on August 30, 2019 [2 favorites]

When I first learned that Dorsey's Twitter handle is @jack, I just started laughing and equating him with Handsome Jack, the villain in Borderlands 2. ("Hey, everybody! Jack here! Oh hey, been some time since I tried to kill you. Ugh, these pretzels suck. I just bought a pony made of diamonds, cause I'm rich. Say hello, Butt Stallion. *whinney* Butt Stallion says hello.")

Nothing that Dorsey has done in real life hasn't changed this first impression. ("Did you see when I shot her in the head! Splooge, hahaha! Wilhelm, kill these savages.")
posted by SPrintF at 7:01 PM on August 30, 2019 [15 favorites]

Twitter sez

The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.

Sure sounds like someone stole Jack's phone account and faked out Twitter authentication. May or may not be related to SMS 2FA; IIRC Twitter has a whole option for recovering an account via SMS alone, from all the way back in the beginning when Twitter was an SMS based product.

For a fun listen the Reply All podcast has a whole episode on this kind of attack, The Snapchat Thief. Alex gets deep into a chat room where some of the account thieves and swappers hang out, it's pretty funny.
posted by Nelson at 7:29 PM on August 30, 2019 [5 favorites]

When I first learned that Dorsey's Twitter handle is @jack, I just started laughing and equating him with Handsome Jack

I honestly thought I was the only person with that exact mental connection. I’m not on Twitter much (and feel good about that) so I didn’t even know who Dorsey was until a couple years ago (ditto) when people started complaining about inaction re: the alt-right. Once I found out I immediately began thinking of him as Handsome Jack cracking jokes about Butt Stallion, and I’ve never been given reason to stop.
posted by Ryvar at 7:36 PM on August 30, 2019 [5 favorites]

If the hackers had used the word "bedbug," they'd have faced justice much sooner.
posted by delfin at 9:24 PM on August 30, 2019 [4 favorites]

I have an AT&T phone. Turns out 1Password, which i already use, can be an authenticator. Off to switch everything over.
posted by Johnny Wallflower at 9:47 PM on August 30, 2019

buahahahahahha *gasps for breath* buahahahahahaha

sweet sweet karma, on so many levels
posted by Mrs Potato at 1:17 AM on August 31, 2019

The fact that you can compose and send tweets from the device that is used for your MFA without logging in seems like it defeats the purpose of the MFA? Once you have SIM swapped there’s no need to also steal the account password.
posted by toamouse at 1:38 AM on August 31, 2019

When you think you’re posting from your “other” account...
posted by ssmug at 5:32 AM on August 31, 2019 [2 favorites]

I mean, if someone really wanted to make headlines by hacking @jack, the tweet would be “I have seen the light. It is time to ban the Nazis.”

Possible follow-up tweet: "And first to go is @realDonaldTrump whose ongoing racism and calls to violence has made both Twitter and the world outside Twitter a worse place to live #stophate"
posted by spoobnooble II: electric bugaboo at 6:51 AM on August 31, 2019 [5 favorites]

Phone number based authentication creates an incentive for hackers to port your number to a new SIM. That, in and of itself, is a good reason to avoid it.
posted by swr at 6:52 AM on August 31, 2019 [1 favorite]

if you want to take your old number to a new carrier you should at least have to do that in person, with a photo ID, and your current cell phone

Where would I go for Straight Talk or Ting or any of the other MVNOs that don't have physical stores?
posted by 922257033c4a0f3cecdbd819a46d626999d1af4a at 11:27 AM on August 31, 2019

I'd have the same problem with my carrier Public Mobile. Besides that is a pretty high barrier for disadvantaged people who may not have an ID.
posted by Mitheral at 8:17 PM on August 31, 2019