Less than a week after CEO Jack Dorsey’s Twitter account was compromised by hackers, actress Chloë Grace Moretz – the 22-year-old actress of Kick-Ass fame – briefly lost control of her account as well.
Moretz’s hackers posted the hashtag “#chucklingSquad” in one of the dozen or so tweets it sent from her account, along with other puerile nonsense. The same hashtag was sent out from Dorsey’s account when it was taken over, and “Chuckling Squad” has been connected to a number of high-profile Twitter account takeovers in recent weeks.
Last week, the Dorsey hackers tweeted “intel” about a supposed bomb threat at Twitter HQ. On Wednesday, a message from Moretz’s compromised account included Dorsey’s supposed social security number, which appeared to be fake. The hackers also posted two phone numbers, and offered to release nude photographs of a woman named Andreya.
Although bearing many similarities, it’s impossible to know if Chuckling Squad is actually responsible for this hack, or if it’s merely a copycat attack.
From what can be gleaned from archived webpages and screenshots, Moretz’s account appears to have been breached using a service called Cloudhopper, the same method that was used to take over Dorsey’s account. Twitter acquired Cloudhopper almost a decade ago to allow users to post to the platform via SMS messages. After regaining control of Dorsey’s account, Twitter stated that his phone number was “compromised due to a security oversight by the mobile provider. This allowed an unauthorised person to compose and send tweets via text message from the phone number.”
When Twitter’s official communications account claimed the issue was “resolved” last Friday evening, it was not clear if it meant with Dorsey’s account specifically or that it had patched some glaring hole in Cloudhopper’s infrastructure, although it’s increasingly likely they meant the former.
When reached by Gizmodo on Wednesday, a Twitter spokesperson responded: “We are looking into this.” Later that day, Twitter Support tweeted the following:
We’re temporarily turning off the ability to Tweet via SMS, or text message, to protect people’s accounts.
— Twitter Support (@TwitterSupport) September 4, 2019
Featured image: Screenshot: Wayback Machine