UK man arrested in Spain for role in Twitter 2020 hack

A 22-year-old UK national was arrested today in Spain for his role in hacking Twitter's internal network and hijacking high-profile accounts in July last year.

Joseph O'Connor, 22, was arrested today in the city of Estepona, in southern Spain, by Spanish National Police pursuant to a US arrest warrant.

O'Connor marks the fourth man linked to the Twitter 2020 hack, after three men were charged and detained on July 31, last year:

  • Mason Sheppard, aka "Chaewon," 19, of Bognor Regis, in the United Kingdom [indictment]
  • Nima Fazeli, aka "Rolex," 22, of Orlando, Florida [indictment]
  • Graham Ivan Clark, believed to be "Kirk," 17 of Tampa, Florida [indictment]

O'Conner, who went online as "j0e," worked with the other three to gain access to one of Twitter's internal Slack channels. The group found credentials in the Slack workplaces that allowed them to gain access to Twitter's moderation panel.


Using their access, the group gained control over more than 130 Twitter accounts for high-profile celebrities, which they later used to tweet out a cryptocurrency scam.

The message, spotted on accounts belonging to Barrack Obama, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian, Floyd Mayweather, Michael Bloomberg, and others, asked users to send Bitcoin to several addresses.


The high-profile hack was detected within hours, and three suspects were tracked down by the FBI and charged by the DOJ in less than two weeks.

O'Connor was the last core member of the conspiracy that authorities couldn't locate back in July 2020. His involvement in the incident was widely known after the suspect bragged about the hacks on personal social media accounts.

In addition, the UK national was also charged with computer intrusions unrelated to the Twitter hack--related to TikTok and Snapchat user account takeovers-- and cyberstalking an unnamed victim.

All in all, O'Conner is charged with three counts of conspiracy to intentionally access a computer without authorization and obtaining information from a protected computer; two counts of intentionally accessing a computer without authorization and obtaining information from a protected computer; one count of conspiracy to intentionally access a computer without authorization and, with the intent to extort from a person a thing of value, transmitting a communication containing a threat; one count of making extortive communications; one count of making threatening communications; and two counts of cyberstalking.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.