SAN FRANCISCO - Twitter said Friday the account of chief executive Jack Dorsey had been “compromised” after a series of erratic and offensive messages were posted.
The tweets containing racial slurs and suggestions about a bomb showed up around 2000 GMT on the @jack account of the founder of the short messaging service before being deleted.
Some of the tweets contained the hashtag #ChucklingSquad, which was believed to indicate the identity of the hacker group. The same calling card was left behind during recent hacks of other high-profile social media personalities.
The messages contained racial epithets, and included a retweet of a message supporting Nazi Germany.
“We’re aware that @jack was compromised and (are) investigating what happened,” a Twitter spokesperson said.
Tweets up for 30 minutes
The San Francisco-based firm followed up midafternoon with a Twitter post saying Dorsey’s account was secured and there was “no indication that Twitter’s systems have been compromised.”
It appeared that tweets posted on Dorsey’s account by the hacker were up for about a half-hour before they were removed.
Pinned atop Dorsey’s account was a tweet from early last year saying: “We’re committing Twitter to help increase the collective health, openness, and civility of public conversation, and to hold ourselves publicly accountable towards progress.”
A barrage of comments fired off on the platform questioned why the Twitter co-founder didn’t secure his account with two-factor authentication, and how disturbing a sign it was that the service wasn’t to keep its own chief safe on the platform.
“If you can’t protect Jack, you can’t protect ... jack,” one Twitter user quipped.
Cleaning up content
The news comes with Dorsey and Twitter moving aggressively to clean up offensive and inappropriate content as part of a focus on “safety.”
“This might be the only way to get rid of racist tweets on this platform,” a Twitter user commented.
British-based security consultant Graham Cluley said the incident highlighted the importance of two-factor authentication, where a user must confirm the account via an external service.
“Everyone should ensure they have 2FA enabled, use unique password, and double check what apps they’ve linked to their accounts,” Cluley tweeted. “Hard to say at moment how he was compromised, but one of those reasons most likely.”
Cybersecurity researcher Kevin Beaumont said the account appeared to have been hijacked “via a third party called Cloudhopper, which Twitter acquired about 10 years ago and had access to his account.”
Cloudhopper enables users to send tweets on their phones via SMS.
University of Hartford communications professor Adam Chiara was keen to learn whether the breach resulted from Dorsey’s negligence or a breakdown of security at Twitter.
“While it’s tempting to laugh at the irony of it, the real-world consequences don’t make it funny,” Chiara said of Dorsey’s account being hacked. “Twitter can tell us that they are becoming more diligent with our privacy and security, but actions speak louder than words.”
The incident raised fresh concerns about how social media users, even prominent ones, can have their accounts compromised and used for misinformation, a point highlighted by Canadian member of parliament Michelle Rempel Garner.
“Between bots, trolls and abuse, I’ve been skeptical about @Twitter as a viable platform for some time now,” Rempel Garner wrote. “But the fact it took the platform’s owner (@jack) about 30 min to get his hacked account under control is deeply problematic, and makes me worry as an elected official.”