Skip to main content

Hackers who hijacked Twitter CEO Jack Dorsey’s account claim another victim

The hacker group that took over Twitter CEO Jack Dorsey’s account has seemingly claimed another victim: this time, they’ve stolen actress Chloe Grace Moretz’s account. 

The hackers who accessed her account posted about a dozen tweets under her name on Wednesday morning, according to Gizmodo. One tweet contained the hashtag #chucklingSquad, which is the same hashtag that was tweeted from Dorsey’s account when it was hacked on Friday — and the name of the group that took credit for the hack.

Moretz, who is a 22-year-old actress best known for her roles in the Kick-Ass movies, has 3.1 million followers on Twitter. The hackers tweeted out expletives and nonsensical phrases, as well as two phone numbers and what they claimed was Dorsey’s social security number.

When Dorsey’s account was hacked last week, the hackers tweeted racial slurs and supposed “intel” about a bomb threat at Twitter’s headquarters. The Chuckling Squad also invited people to join its Discord chat server, which had since been taken down.

Dorsey has 4.2 million followers on Twitter and his account had previously been hacked in 2016.

Even though both accounts had the #chucklingSquad hashtag, it is unknown if the hacks came from the same entity or if someone was copying Dorsey’s hack. The hacked tweets from Moretz and Dorsey have since been deleted. 

The method the hackers used is known as SIM swapping, which convinces carriers to assign a phone number to a new phone that is in the hands of the attackers. In response to the hacks, Twitter said Wednesday afternoon that it was temporarily disabling the ability to tweet via text message.

We’re temporarily turning off the ability to Tweet via SMS, or text message, to protect people’s accounts.

— Twitter Support (@TwitterSupport) September 4, 2019

Reports say that both instances of hacked tweets were sent using Cloudhopper, which was an MMS company that Twitter acquired in 2010. Digital Trends reached out to Twitter to see if the Cloudhopper vulnerability was used to access both Dorsey’s and Moretz’s account, but a spokesperson declined to comment.

Twitter’s official communications account confirmed Dorsey’s hack in a series of tweets on August 30, adding that none of Twitter’s systems were compromised and that the account was secure. 

The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.

— Twitter Comms (@TwitterComms) August 31, 2019

While both of these hacks tweeted mostly nonsense, it’s still troubling that these high-profile Twitter hacks keep happening — especially when some Twitter can use the platform to announce world-changing police.

Update 9/4: Added details about Twitter removing text-to-tweet support.

Editors' Recommendations