Twitter CEO and Co-founder Jack Dorsey’s account was hacked on Friday (August 30) demonstrating the potential vulnerabilities of even the most high-profile social media accounts, according to media reports.
A series of erratic and offensive tweets and retweets including obscenities, shout-outs, threats and racial slurs were unleashed. Some of the tweets contained the hashtag ‘ChucklingSquad’ which was believed to indicate the identity of the hacker group. One retweet was of a message supporting Nazi Germany, media reports claimed.
The tweets remained on the account, which has 4.2 million followers, for less than an hour before Twitter deleted them.
“We’re aware that Jack was compromised and investigating what happened,” a Twitter spokesperson said.
Twitter said the issue has been resolved and that there is no indication their systems were compromised.
Another Twitter spokeswoman said that the company looked into the bomb threat and “can confirm it was not credible.” The accounts mentioned by the hacker while controlling @jack appeared to be suspended Friday afternoon, she added.
However, the incident raises questions about the vulnerability of even high-profile accounts at one of the largest social media companies in the world. Dorsey’s account -like other high-profile accounts – should have been shielded as an obvious target. Political leaders, including President Donald Trump, use the platform to share news and opinions. If compromised, a hacker could use them to make political claims or even try to start a war.
It was questionable why the tweets – which violated numerous rules with offensive language and even a pro-Nazi retweet – stayed up so long when Twitter previously boasted about tools to catch policy-violating content quickly.
Criticisms bombarded on the platform questioning why the Twitter co-founder didn’t secure his account with two-factor authentication, and how disturbing a sign it was that the service wasn’t to keep its own chief safe on the platform.
“If you can’t protect Jack, you can’t protect… jack,” one Twitter user wrote.
The news comes with Dorsey and Twitter moving aggressively to clean up offensive and inappropriate content as part of a focus on “safety.” “This might be the only way to get rid of racist tweets on this platform,” a Twitter user commented.
British-based security consultant Graham Cluley said the incident highlighted the importance of two-factor authentication, where a user must confirm the account via an external service.
“Everyone should ensure they have 2FA enabled, use unique password, and double check what apps they’ve linked to their accounts,” Cluley tweeted.
“Hard to say at the moment how he was compromised, but one of those reasons most likely.” Cyber security researcher Kevin Beaumont said the account appeared to have been hijacked “via a third party called Cloudhopper, which Twitter acquired about 10 years ago and had access to his account.” Cloudhopper enables users to send tweets on their phones via SMS.
The incident raised fresh concerns about how social media users, even prominent ones can have their accounts compromised and used for misinformation, a point highlighted by Canadian member of parliament Michelle Rempel Garner.
“Between bots, trolls and abuse, I’ve been skeptical about @Twitter as a viable platform for some time now,” Rempel Garner wrote.
“But the fact it took the platform’s owner (@jack) about 30 min to get his hacked account under control is deeply problematic, and makes me worry as an elected official,” he added.