San Francisco (CNN Business) Twitter (TWTR) CEO Jack Dorsey's account on the site was hacked Friday, and he may have fallen victim to a vulnerability that Twitter has previously been warned about and repeatedly denied was a problem.

For about 20 minutes on Friday afternoon, Dorsey's account tweeted a series of racist and otherwise offensive tweets. Twitter quickly acknowledged that someone had hacked the account, and said it was now secure

The tweets appear to have been sent not by hacking Dorsey's actual account, but by the hacker or hackers convincing Twitter's systems that they had his phone and were texting the tweets to his account. It's likely the hacker or hackers wouldn't even have needed Dorsey's password, or ever been prompted for it.

The tweets were labeled as posted by Cloudhopper, an SMS company Twitter purchased in 2010 , back when some users regularly used text messages to send tweets. Today, if a text is sent to 40404 from a US phone number associated with a Twitter account, that account will post the text, and it will be labeled as coming from Cloudhopper.

CNN confirmed this would work using a newly registered account, which Twitter automatically opted in to texting by tweet. Then, with a phone that has never been used to log into Twitter, and without ever being asked for any password, a CNN reporter was able to send a tweet by text.

Read More