Chipotle’s website and official Twitter account were compromised late Saturday evening and into Sunday morning. The website was redirected on Saturday around 6PM (PST) to Chipotle’s official twitter account @chipotletweets and was then unresponsive.
The Chipotle domain’s technical and administrative contacts for the domain have been updated with a message from the attacker(s).
The @chipotletweets Twitter account also has been compromised by an individual referring to themselves as TheCeltic666 and as part of a group called TUGFeds. The Twitter account icon was replaced with the image of a Nazi flag and several tweets from the individual(s) who hacked them.
In June of 2013 Chipotle had faked the hacking of their Twitter account as part of a marketing campaign. Given the content and images that appeared on their Twitter account with this compromise, this is definitely not a similar gimmick. Both the website and Twitter account appeared to be back under the control of the company by 12:30AM Sunday morning.
Chipotle sent out a message on Twitter regarding the attack apologizing for the offensive messages that appeared under the account.
We apologize for the very offensive messages sent out from our account earlier tonight. We were unfortunately hijacked temporarily. -Joe
— Chipotle (@ChipotleTweets) February 8, 2015
The group claiming responsibility TUGFED had ther Twitter account suspended, however a new one was created under @TUGFedsReturn, where additional attacks were threatened.