The account of Twitter Inc Chief Executive Jack Dorsey was hacked on Friday afternoon, sending public tweets and retweets including racial slurs and curse words to 4 million followers before Twitter secured the account.
The social media company, co-founded by Dorsey, said the phone number associated with his account was compromised due to a security oversight by the mobile provider.
“This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved,” the company said, adding separately that there was no indication that Twitter’s systems had been compromised.
One of the tweets from the hacked account said Nazi leader Adolf Hitler was innocent, while others contained derogatory comments about black people and Jews. There was also a tweet suggesting there was a bomb at Twitter’s headquarters.
The account posted a hashtag that was used during the apparent hacks of several YouTube stars last week.
The hack underscored potential vulnerabilities in the social media platform, which is widely used by world leaders and politicians, including U.S. President Donald Trump. It comes at a time when social media companies are facing scrutiny over management of their networks, privacy issues and security of user data.
The offensive tweets and retweets were deleted less than an hour after the incident. Some Twitter accounts named in the compromised tweets and retweets appeared suspended on Friday.
Screenshots of the tweets appeared to show they were sent through Cloudhopper, a mobile text messaging service that Twitter acquired in 2010. Twitter did not immediately respond when asked to confirm if the hack took place via Cloudhopper.
Security researcher Brian Krebs said it appeared that Dorsey was the victim of a SIM swapping attack in which a mobile provider is tricked or otherwise convinced to transfer a victim’s phone number to a SIM card controlled by someone else.
The Friday incident was not the first time that Dorsey’s Twitter account has been hacked. His account was compromised in 2016 by a group that also hacked the Twitter accounts of Google CEO Sundar Pichai and Facebook CEO Mark Zuckerberg.
