On Friday, hackers briefly took over the Twitter account of Twitter CEO Jack Dorsey to post racist comments.
The hackers hijacked the account @jack to tweet out racial slurs and anti-Semitic insults. One tweet also tried to promote a bomb hoax. “Intel is there’s a bomb threat at Twitter HQ,” the post read.
The incident lasted only around 10 minutes on Friday at 12:55 pm Pacific Time before the hackers’ tweets were deleted. According to Twitter, the hackers pulled off the hijacking by tricking Dorsey’s cellular provider into handing over access to his mobile phone number, which was registered with his account.
“The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved,” the company said in a tweet.
The hackers who took over Dorsey’s account say they go by the name “Chuckling Squad.” They’ve taken credit for several other account hijackings, which have also involved tricking cellular providers into giving up access to the victims’ mobile phone numbers.
In response to today’s hack, Twitter appears to be shutting down the user accounts connected with Chuckling Squad. A Discord channel the hackers were using to promote themselves has also been taken offline.
It isn’t the first time a tech CEO has had their Twitter account hijacked. In 2016, a separate group of hackers managed to break into Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts. The hackers claimed they were able to do so because the password for them, “dadada,” was exposed in another data breach involving LinkedIn.
Today’s incident is a reminder to secure your internet accounts with strong, unique passwords, and to unlink them from any third-party services you no longer use. It’s also a good idea to use two-factor authentication, which can make it harder for attackers to break into your accounts.
Previously, it appeared today’s account hijacking may have involved Cloudhopper, a mobile messaging service Twitter acquired in 2010. “@jack’s hacked tweets are being posted from an app called Cloudhopper,” noticed freelance journalist James O’Malley. “So his account appears not breached — but rather Jack’s account is still hooked up to an old service that got hacked.”
Editor’s Note: This story has been updated with a new statement from Twitter on how the account hijacking occurred.