The account of Twitter Chief Executive Jack Dorsey was hacked on Friday, sending public tweets and retweets including racial slurs and curse words to 4 million followers before Twitter secured the account.
The social media company said the phone number associated with his account was compromised due to a security oversight by the mobile provider.
“This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved,” the company said, adding separately that there was no indication that Twitter’s systems had been compromised.
One of the tweets from the hacked account said Nazi leader Adolf Hitler was innocent, while others contained derogatory comments about black people and Jews.
The offensive tweets and retweets were deleted less than an hour after the incident. Some Twitter accounts named in the compromised tweets and retweets appeared suspended on Friday.
Twitter declined to comment on the security measures Dorsey uses. One possibility is a SIM-card swap, in which a hacker called Dorsey’s wireless carrier and convinced them to switch his number to a new SIM card. Such swaps are possible because hackers can gather personal information on the dark web and use it to validate the account.
It appears the infiltrators were able to post messages to Dorsey's account through text messages. Tweets display the app or method used to post them. For these tweets, it was Cloudhopper, a service Twitter acquired in 2010 to bolster its SMS functionality.
If you send a text message to 40404 using the phone number linked to your Twitter account, the SMS will be posted as a tweet. Cloudhopper will appear as the source on said tweet.
Twitter suggested Dorsey's cell carrier was at fault. "The phone number associated with the account was compromised due to a security oversight by the mobile provider," it wrote in a statement.
Dorsey’s Twitter account was also compromised in 2016 by a group that also hacked the Twitter accounts of Google CEO Sundar Pichai and Facebook CEO Mark Zuckerberg.