Now playing
01:42
Here's how Twitter got started
Google Earth's new timelapse feature
Google
Google Earth's new timelapse feature
Now playing
01:09
Google Earth's new Timelapse feature shows 40 years of climate change in just seconds
Now playing
01:32
Scientists turned spiderwebs into music and it sounds like a nightmare
Elon Musk's Neuralink says this monkey is playing Pong with its mind
From Neuralink/Youtube
Elon Musk's Neuralink says this monkey is playing Pong with its mind
Now playing
01:41
Elon Musk's company says this monkey is playing Pong with his mind
CNN
Now playing
02:36
The truth behind Covid-19 vaccines for sale on the dark web
Now playing
05:41
NFTs have completely transformed these digital artists' lives
Boston Dynamics
Now playing
00:48
Boston Dynamics' newest robot has tentacle-like grippers
Energy and Commerce Committee/YouTube
Now playing
02:50
US lawmakers question tech CEOs on misinformation
Now playing
00:55
This robot's 'self-portrait' NFT just sold for nearly $700,000
Now playing
03:19
Slack CEO: We made an 'unforced error' in DM roll out
WASHINGTON, DC - FEBRUARY 10:  Chairman Sen. Bernie Sanders, (I-VT) speaks as Neera Tanden, President Joe Bidens nominee for Director of the Office of Management and Budget (OMB), appears before a Senate Committee on the Budget hearing on Capitol Hill on February 10, 2021 in Washington, DC. Tanden helped found the Center for American Progress, a policy research and advocacy organization and has held senior advisory positions in Democratic politics since the Clinton administration. (Photo by Andrew Harnik-Pool/Getty Images)
Pool/Getty Images
WASHINGTON, DC - FEBRUARY 10: Chairman Sen. Bernie Sanders, (I-VT) speaks as Neera Tanden, President Joe Bidens nominee for Director of the Office of Management and Budget (OMB), appears before a Senate Committee on the Budget hearing on Capitol Hill on February 10, 2021 in Washington, DC. Tanden helped found the Center for American Progress, a policy research and advocacy organization and has held senior advisory positions in Democratic politics since the Clinton administration. (Photo by Andrew Harnik-Pool/Getty Images)
Now playing
03:04
Sanders: 'I don't feel comfortable' about Trump's Twitter ban
LONDON, ENGLAND - JANUARY 16: Prince Harry, Duke of Sussex, the Patron of the Rugby Football League hosts the Rugby League World Cup 2021 draws for the men's, women's and wheelchair tournaments at Buckingham Palace on January 16, 2020 in London, England. The Rugby League World Cup 2021 will take place from October 23rd through to November 27th, 2021 in 17 cities across England. (Photo by Chris Jackson/Getty Images)
Chris Jackson/Getty Images
LONDON, ENGLAND - JANUARY 16: Prince Harry, Duke of Sussex, the Patron of the Rugby Football League hosts the Rugby League World Cup 2021 draws for the men's, women's and wheelchair tournaments at Buckingham Palace on January 16, 2020 in London, England. The Rugby League World Cup 2021 will take place from October 23rd through to November 27th, 2021 in 17 cities across England. (Photo by Chris Jackson/Getty Images)
Now playing
03:19
BetterUp CEO explains Prince Harry's role at the tech startup
An NFT digital home called Mars House by Krista Kim Studio Inc. has sold for $500,000
From Krista Kim Studio Inc./SuperRare
An NFT digital home called Mars House by Krista Kim Studio Inc. has sold for $500,000
Now playing
01:11
This digital home might cost more than your actual home
Justin Long appeared in Intel's new PC vs Mac commercial as the "PC Guy" (Source: Intel)
Intel
Justin Long appeared in Intel's new PC vs Mac commercial as the "PC Guy" (Source: Intel)
Now playing
01:03
Justin Long switches sides in new Mac vs PC commercials
Rally Studios
Now playing
02:13
One-shot drone video of bowling alley mesmerizes internet
MyHeritage
Now playing
01:01
Watch old photos come to life using AI
(CNN Business) —  

Twitter (TWTR) CEO Jack Dorsey’s account on the site was hacked Friday, and he may have fallen victim to a vulnerability that Twitter (TWTR) has previously been warned about and repeatedly denied was a problem.

For about 20 minutes on Friday afternoon, Dorsey’s account tweeted a series of racist and otherwise offensive tweets. Twitter quickly acknowledged that someone had hacked the account, and said it was now secure.

The tweets appear to have been sent not by hacking Dorsey’s actual account, but by the hacker or hackers convincing Twitter’s systems that they had his phone and were texting the tweets to his account. It’s likely the hacker or hackers wouldn’t even have needed Dorsey’s password, or ever been prompted for it.

The tweets were labeled as posted by Cloudhopper, an SMS company Twitter purchased in 2010, back when some users regularly used text messages to send tweets. Today, if a text is sent to 40404 from a US phone number associated with a Twitter account, that account will post the text, and it will be labeled as coming from Cloudhopper.

CNN confirmed this would work using a newly registered account, which Twitter automatically opted in to texting by tweet. Then, with a phone that has never been used to log into Twitter, and without ever being asked for any password, a CNN reporter was able to send a tweet by text.

Hackers could potentially use this method to send tweets from other accounts belonging to prominent figures -— including American elected officials who are frequent Twitter users, like President Trump — so long as the targets haven’t opted out of tweeting by text. The White House and the Secret Service did not immediately respond to requests for comment as to whether Trump’s account has tweeting by text enabled.

This method of tweeting may have once seemed like a useful and harmless feature. But a phone number is considered far less of a secure identifier today than it was in 2010. The past few years have seen the rise of “sim jacking,” in which a hacker will convince a phone carrier that they’ve lost their SIM card and request that number be transferred to a new card.

In a follow-up tweet Friday night, Twitter implied this was what happened, writing, “The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”

Phone numbers can also be imitated without “sim jacking.” Security researchers have previously been able to spoof a phone number associated with an account and convince Twitter to let them post tweets that way. Twitter said at the time it was a bug that had been resolved.

In 2012, Twitter published a blog post responding to reports that it might be possible for hackers to spoof a phone number and send tweets by text in this way. In that post, it specifically denied that US users could be vulnerable to such a hack.

Twitter declined to comment beyond its tweets about Dorsey.