This story contains images of hate speech and may be NSFW.
Sometimes the fast-food burrito chain Chipotle is pretty good at Twitter; other times, not so much. Earlier this week, Chipotle asked its fans to tweet haikus about how much they loved the burritos and the results were not a disaster, which is about the best #brands on social media can hope for at this point. All was good. Then, a few days later, the company’s Twitter account was hacked, its avatar was changed to a swastika, and it started tweeting a stream of trolling bile.
The hack occurred late Saturday night. While the takeover only lasted a few minutes, with the tweets quickly being scrubbed from the company’s account, screenshots of the messages started circulating around the microblogging service almost immediately.
Well @ChipotleTweets is having a bad night. pic.twitter.com/Nz8q2iAoNc
— Parker Higgins (@xor) February 8, 2015
So if you work in the media department at Chipotle, how much of a panic attack are you having right now? pic.twitter.com/uPhp0WtrxC
— emokidsloveme, J.D., LLM (@emokidsloveme) February 8, 2015
https://twitter.com/YourAnonGlobal/status/564345417924501506
Since the swastika appeared throughout Twitter’s Web presence for the duration of the attack, going back and looking at Chipotle’s older tweets was also pretty awkward.
https://twitter.com/RonFunches/status/564327422942650369
The company apologized shortly after regaining exclusive control over the account.
We apologize for the very offensive messages sent out from our account earlier tonight. We were unfortunately hijacked temporarily. -Joe
— Chipotle (@ChipotleTweets) February 8, 2015
During the hack, Chipotle’s Twitter bio was changed to point to two other accounts, presumably belonging to the hackers claiming credit for the attack. Both of those Twitter accounts have been suspended, although before the accounts were erased, one of the hackers explained the motivation behind the attack:
It appears the attack was accomplished by compromising Chipotle’s domain name system (DNS), which translates the domain names human beings can understand into the numerical IP addresses computers use. With control of Chipotle’s DNS, the hackers made it so emails originally sent to an internal company email address were instead routed to one they controlled. Once they had access to Chipotle’s email, all the hackers had to do was ask for a password reset on the account, intercept the email, change the password to something of their choosing, and then start tweeting Nazi stuff.
Looks like @ChipotleTweets’ DNS was compromised. Then Twitter password reset to a pwned email address. pic.twitter.com/6t3cN6OwbY
— Parker Higgins (@xor) February 8, 2015
The Electronic Frontier Foundation’s Parker Higgins told the Daily Dot that, even though the hackers messed with Chipotle’s DNS, it doesn’t mean the company’s official website was necessarily compromised. DNS functions on a different “layer” of the Internet than do websites, so the hackers may have only had the ability to point traffic initially directed to Chipotle to other online locations.
Representatives from Chipotle did not immediately respond to a request for comment.
The hackers used that ability to redirect people visiting Chipotle.com to the Twitter profile of the person claiming credit for the attack.
https://twitter.com/carinadaidone/status/564327907397734401
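The attack chain described above only works while changed DNS records go unnoticed, so one defensive check is to compare the records currently being served against a known-good baseline. The Python below is an added example, not part of the original reporting and not code from Chipotle or Twitter; the records are constructed for the placeholder domain example.com, and the function names are hypothetical.

```python
from collections import defaultdict

# What a changed record type exposes, per the incident described above.
IMPACT = {
    "MX": "mail rerouted: password-reset emails can be intercepted",
    "NS": "delegation changed: every record for the zone is now untrusted",
    "A": "web traffic redirected", "AAAA": "web traffic redirected",
    "CNAME": "web traffic redirected",
}
# Constructed sample records (placeholder domain, documentation IP ranges).
BASELINE = """\
example.com. 3600 IN NS ns1.example-dns.net.
example.com. 3600 IN MX 10 mail.example.com.
example.com. 300 IN A 192.0.2.10
"""
OBSERVED = """\
example.com. 3600 IN NS ns1.example-dns.net.
example.com. 300 IN MX 5 mx.attacker.example.
example.com. 300 IN A 198.51.100.7
"""

def parse_records(text):
    """Parse 'name ttl IN type rdata...' lines into {(name, type): {rdata}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unrecognised record line: {line!r}")
        name, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        rdata = " ".join(fields[4:]).lower().rstrip(".")
        if rtype == "MX":                       # ignore preference, keep the mail host
            rdata = rdata.split()[-1]
        records[(name, rtype)].add(rdata)
    return records

def dns_drift(baseline_text, observed_text):
    """Return findings for security-relevant record sets that differ from the baseline."""
    baseline, observed = parse_records(baseline_text), parse_records(observed_text)
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        before, after = baseline.get(key, set()), observed.get(key, set())
        if before != after and key[1] in IMPACT:
            findings.append({"name": key[0], "type": key[1], "impact": IMPACT[key[1]],
                             "added": sorted(after - before),
                             "removed": sorted(before - after)})
    return findings
```

Run on a schedule against answers from the domain's authoritative servers, an MX or NS finding is the signal to freeze password resets on any account that uses that domain for recovery email.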
Naturally, everyone on Twitter hoped that the hack would somehow result in getting free burritos—even though it almost certainly won’t. Everyone knows the only way to get free Chipotle is to write burrito-themed haikus.
Chipotle should just give free food to all the black people for a day to sincerely apologize
— Maybe: Syd 🧚🏾♀️💜 (@Miley_Highrus) February 8, 2015
.@ChipotleTweets im alaskan so i found it very offensive you have nazi symbolism as your profile pic, i accept free burrito
— Baked Alaska (@bakedalaska) February 8, 2015
I’m Jewish and very offended, I DEMAND free burritos for me and all of my followers! @ChipotleTweets
— Drew Hillman (@hillman811) February 8, 2015
https://twitter.com/jericagolez/status/564328571330523137
Ultimately, the moral of the story is that Chipotle probably needs better online security procedures.
Photo by proshob/Wikimedia Commons (CC BY-SA 3.0)