The Twitter account of Jack Dorsey, Twitter’s chief executive officer, was hacked and briefly hijacked on Friday in an embarrassing security lapse for the social network.
At 12.44pm Pacific time, the account @jack began publishing a series of tweets from the hackers. The rapid stream of tweets included racial slurs, profanity, praise for Adolf Hitler and a reference to “a bomb at Twitter HQ”. The hackers appear to refer to themselves as the “Chuckling Squad”.
The tweets also shared a link to a Discord server – a type of internet chat room – where users appeared to be boasting about the hack in the moments after the account was hijacked.
Twitter said that it was aware that the account had been “compromised” and was investigating what happened. The offending tweets were deleted less than 30 minutes after the initial breach.
“We take threats very seriously,” a spokeswoman for Twitter said in response to a question about the bomb threat. “We have looked into this threat and can confirm it is not credible.”
The company did not immediately respond to queries about how the breach occurred, but said in a tweet: “The account is now secure, and there is no indication that Twitter’s systems have been compromised.”
The Guardian briefly gained access to the Discord server linked to by the hackers, where users sent messages encouraging each other to “be on the lookout” and “keep looking at twitter” shortly before the breach. The server became unavailable shortly after 1pm.
Dorsey, 42, was one of the founders of Twitter and sent the first ever tweet on 21 March 2006. He served as the company’s first CEO until October 2008, when he stepped down, and returned to the role in 2015. He has 4.2m followers.
Twitter told the US Senate intelligence committee that Dorsey uses two-factor authentication on his personal Twitter and email accounts in written responses provided to the committee in September 2018. Two-factor authentication requires an additional form of verification beyond a password to access an account, which usually comes via an SMS message or email.
The hacked tweets appear to have been sent using a third-party service called Cloudhopper that Twitter acquired in 2010. At the time, Twitter described Cloudhopper as a “messaging infrastructure company that enables Twitter to connect directly to mobile carrier networks in countries all over the planet”.
Dorsey is not the first technology CEO to suffer the embarrassment of a personal hack, nor is this the first time his account has been compromised. In 2016, a hacking group known as OurMine Security took over the accounts of numerous celebrities and tech executives, including Dorsey, Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and the former Uber CEO Travis Kalanick.