On Friday, Twitter CEO and co-founder Jack Dorsey began posting some strange tweets, suggesting that his account was compromised by hackers.
The tweets began around 12:45 p.m. PT on Friday, when @jack began rapid-tweeting a series of alternatingly offensive and incoherent content. Among the tweets, @jack’s account shared racial slurs, shoutouts to various people, the hashtag #ChucklingSquad, and a link to a Discord chat called “Chuckling Squad.” The Discord chat was disabled around 30 minutes after the link was shared on Twitter.
“Hitler is innocent go follow @taytaylov3r if you want every jew gassed,” one tweet read.
The incident appears to be related to the recent Twitter hack of makeup artist and influencer James Charles Dorsey’s account, which also shared tweets referring to #ChucklingSquad.
Dorsey’s account is one of the most prominent on the platform and the Twitter CEO boasts 4.2 million followers.
Because he is Twitter’s top executive and a prominent if esoteric figure in Silicon Valley, Dorsey's account is a high value target for hackers keen to flex their skills in a flashy way or spread a message widely on the platform.
As some Twitter users pointed out, the hacked tweets were posted using Cloudhopper, an SMS messaging service Twitter purchased in 2010. The route used to compromise @jack is not immediately clear, but it could involve the messaging service.
It’s also possible that hackers gained access to Dorsey’s account using a more routine method, most likely a SIM swap or SIM hijacking attack.
While Twitter does offer two-factor authentication, which it calls “login verification,” through third-party apps or a security key, the platform defaults to the notoriously insecure SMS-based two-factor authentication method when a user turns on the security measure.
A Twitter spokesperson told The Daily Beast that the company is aware of the situation and currently investigating. Less than two hours after the incident, the company tweeted an update: “The account is now secure, and there is no indication that Twitter's systems have been compromised.”
Around 5:30 p.m.PT, Twitter issued a new statement. “The phone number associated with the account was compromised due to a security oversight by the mobile provider,” the company wrote on its own platform. “This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”
The company’s statement indicates that @jack’s account was indeed compromised through third-party app Cloudhopper—an app Twitter itself owns. That service has long allowed users to tweet by texting “40404” from a phone number associated with their account.