A stream of rogue tweets — including racial slurs — was posted to the Twitter chief executive’s own Twitter account just after 3:30pm ET. One of the tweets posted a Twitter handle for someone who purported to take credit for the account takeover. That account was quickly suspended.
Dorsey has more than 4.21 million followers.
Twitter spokesperson Ebony Turner said the company was investigating. The company also tweeted about the incident.
It’s not immediately known how the account was compromised. However, the rogue tweets were sent via Cloudhopper, a service Twitter bought in 2010 to improve its SMS service, suggesting Dorsey’s account may have been compromised through an authorized third-party app rather than through someone obtaining Dorsey’s account password.
It’s not the first time Twitter has had to clean up after a high-profile account was hacked. Facebook boss Mark Zuckerberg once had his Twitter account hacked because his account didn’t use two-factor authentication. He also had a ridiculously easy-to-guess password.
Twitter later said it secured Dorsey’s account.
“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” said Twitter in a follow-up statement. “This allowed an unauthorized person to compose and send tweets via text message from the phone number.”
In other words, Dorsey was likely a victim of SIM swapping. Twitter did not name the mobile provider.
Updated with statements from Twitter.