The attack, which occurred just after 1am ET, saw the the company’s profile picture changed from its usual pepper logo to a swastika. The profile description was also altered to read:
The official Twitter account of @TUGFeds and @TheCeltic666
Both of those accounts have subsequently been suspended by Twitter.
After regaining control of its errant @ChipotleTweets account, the company said sorry to its followers:
We apologize for the very offensive messages sent out from our account earlier tonight. We were unfortunately hijacked temporarily. -Joe
Screenshots captured by Time before the account was reclaimed show some of the offensive tweets, which include anti-establishment messages such as:
F*CK THE GOVERNMENT AND FBI, UR ALL FRAUDS THAT LINE UR POCKETS HAHAHAHA LOSERS, F*CK YOU ALL
In a continuation of the political theme, the attacker also suggested Chipotle was “in full support of the Nazi party” and directed a racial slur at President Obama.
In an official statement, Chipotle’s communications director Chris Arnold said:
Our Twitter account was hijacked overnight for about two hours during which a series of offensive tweets was posted to the account.
We apologise for the nature of the posts that were made during that time, and we are now conducting an investigation to try to determine what happened and who might have been involved.
While the motive for the hack is unclear, it is possible that the attackers were acting out of a sense of irony after Chipotle itself seemingly orchestrated a fake Twitter account hack in 2013 – as part of a 20th anniversary publicity campaign.
A series of tweets from the company at first appeared to be random and nonsensical until it later became clear that they contained a list of ingredients for its guacamole recipe. Speaking at the time, Arnold told Mashable that:
We thought that people would pay attention, that it would cut through people's attention and make them talk, and it did that.
It was definitely thought out: We didn't want it to be harmful or hateful or controversial.
The Mexican food chain isn’t the first Twitter account to be hacked this year – in January US pop star Taylor Swift had her account taken over for a short while as an attacker pushed out tweets promoting two other Twitter accounts that were themselves quickly suspended.
As John Zorabedian noted at the time, the best way to protect your own social media accounts from befalling a similar fate is to employ two-factor authentication where available.
Doing so adds an additional layer of security, requiring a would-be attacker to not only circumnavigate your password but also an additional identifying factor, such as a code sent to your phone via SMS.
And, of course, it’s really important to make sure you use strong, unique passwords for every single one of your online accounts. If you’re not sure what makes a password “strong”, then watch our video on how to pick a proper password.