Now playing
01:42
Here's how Twitter got started
screengrab US social media
screengrab US social media
PHOTO: Getty Images
Now playing
04:35
Tech companies ban Trump, but not other problematic leaders
PHOTO: Samsung
Now playing
01:53
See Samsung's new Galaxy S21 lineup
PHOTO: CNN
Now playing
02:47
Extremists and conspiracy theorists search for new platforms online
This illustration picture shows the social media website from Parler displayed on a computer screen in Arlington, Virginia on July 2, 2020. - Amid rising turmoil in social media, recently formed social network Parler is gaining with prominent political conservatives who claim their voices are being silenced by Silicon Valley giants. Parler, founded in Nevada in 2018, bills itself as an alternative to "ideological suppression" at other social networks. (Photo by Olivier Douliery/AFP/Getty Images)
This illustration picture shows the social media website from Parler displayed on a computer screen in Arlington, Virginia on July 2, 2020. - Amid rising turmoil in social media, recently formed social network Parler is gaining with prominent political conservatives who claim their voices are being silenced by Silicon Valley giants. Parler, founded in Nevada in 2018, bills itself as an alternative to "ideological suppression" at other social networks. (Photo by Olivier Douliery/AFP/Getty Images)
PHOTO: Olivier Douliery/AFP/Getty Images
Now playing
03:49
Parler sues Amazon in response to being deplatformed
PHOTO: Twitter
Now playing
02:39
Twitter permanently suspends Donald Trump from platform
Panasonic
Panasonic's Augmented Reality Heads-up Display
PHOTO: Panasonic USA
Now playing
01:06
This tech gives drivers directions on the road in front of them
PHOTO: LG Display
Now playing
01:10
See LG's transparent TV
PHOTO: Twitter/@gregdoesthings
Now playing
02:06
Internet gets creative with empty iPhone boxes
NEW YORK, NY - JUNE 3: The Google logo adorns the outside of their NYC office Google Building 8510 at 85 10th Ave on June 3, 2019 in New York City. Shares of Google parent company Alphabet were down over six percent on Monday, following news reports that the U.S. Department of Justice is preparing to launch an anti-trust investigation aimed at Google. (Photo by Drew Angerer/Getty Images)
NEW YORK, NY - JUNE 3: The Google logo adorns the outside of their NYC office Google Building 8510 at 85 10th Ave on June 3, 2019 in New York City. Shares of Google parent company Alphabet were down over six percent on Monday, following news reports that the U.S. Department of Justice is preparing to launch an anti-trust investigation aimed at Google. (Photo by Drew Angerer/Getty Images)
PHOTO: Drew Angerer/Getty Images North America/Getty Images
Now playing
03:25
Google employee on unionizing: Google can't fire us all
Now playing
02:01
Watch 'deepfake' Queen deliver alternative Christmas speech
This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using a website that monitors global cyberattacks on his computer at their office in Dongguan, China
This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, one of China's last "volunteer hacker" groups maintains a final outpost in its patriotic hacking war. (Photo by NICOLAS ASFOURI / AFP) / TO GO WITH China-hacking-security,FOCUS by Laurie Chen / The erroneous mention[s] appearing in the metadata of this photo by NICOLAS ASFOURI has been modified in AFP systems in the following, we removed the HOLD HOLD HOLD in the main caption. Please immediately remove the erroneous mention[s] from all your online services and delete it (them) from your servers. If you have been authorized by AFP to distribute it (them) to third parties, please ensure that the same actions are carried out by them. Failure to promptly comply with these instructions will entail liability on your part for any continued or post notification usage. Therefore we thank you very much for all your attention and prompt action. We are sorry for the inconvenience this notification may cause and remain at your disposal for any further information you may require. (Photo by NICOLAS ASFOURI/AFP via Getty Images)
PHOTO: NICOLAS ASFOURI/AFP/AFP via Getty Images
Now playing
03:30
Russia claims cyberattack may be plot to hurt ties with Biden
Now playing
01:42
Watch father leave daughter dozens of surprise Ring messages
PHOTO: Photo Illustration: Kena Betancur/Getty Images
Now playing
04:50
Zoom's founder says he 'let down' customers. Here's why
Now playing
00:48
See Walmart's self-driving delivery trucks in action
Now playing
01:25
This robotaxi from Amazon's Zoox has no reverse function
(CNN Business) —  

Twitter (TWTR) CEO Jack Dorsey’s account on the site was hacked Friday, and he may have fallen victim to a vulnerability that Twitter (TWTR) has previously been warned about and repeatedly denied was a problem.

For about 20 minutes on Friday afternoon, Dorsey’s account tweeted a series of racist and otherwise offensive tweets. Twitter quickly acknowledged that someone had hacked the account, and said it was now secure.

The tweets appear to have been sent not by hacking Dorsey’s actual account, but by the hacker or hackers convincing Twitter’s systems that they had his phone and were texting the tweets to his account. It’s likely the hacker or hackers wouldn’t even have needed Dorsey’s password, or ever been prompted for it.

The tweets were labeled as posted by Cloudhopper, an SMS company Twitter purchased in 2010, back when some users regularly used text messages to send tweets. Today, if a text is sent to 40404 from a US phone number associated with a Twitter account, that account will post the text, and it will be labeled as coming from Cloudhopper.

CNN confirmed this would work using a newly registered account, which Twitter automatically opted in to texting by tweet. Then, with a phone that has never been used to log into Twitter, and without ever being asked for any password, a CNN reporter was able to send a tweet by text.

Hackers could potentially use this method to send tweets from other accounts belonging to prominent figures -— including American elected officials who are frequent Twitter users, like President Trump — so long as the targets haven’t opted out of tweeting by text. The White House and the Secret Service did not immediately respond to requests for comment as to whether Trump’s account has tweeting by text enabled.

This method of tweeting may have once seemed like a useful and harmless feature. But a phone number is considered far less of a secure identifier today than it was in 2010. The past few years have seen the rise of “sim jacking,” in which a hacker will convince a phone carrier that they’ve lost their SIM card and request that number be transferred to a new card.

In a follow-up tweet Friday night, Twitter implied this was what happened, writing, “The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”

Phone numbers can also be imitated without “sim jacking.” Security researchers have previously been able to spoof a phone number associated with an account and convince Twitter to let them post tweets that way. Twitter said at the time it was a bug that had been resolved.

In 2012, Twitter published a blog post responding to reports that it might be possible for hackers to spoof a phone number and send tweets by text in this way. In that post, it specifically denied that US users could be vulnerable to such a hack.

Twitter declined to comment beyond its tweets about Dorsey.