Hackers broke into the Twitter account of actress Chloë Grace Moretz on Wednesday, less than a week after CEO Jack Dorsey’s account was compromised. While it’s unclear whether the same people were responsible for both incidents, the two hacks bore striking similarities.
At around 11:30 a.m., a tweet went out from Moretz’s account containing a racist hashtag, along with the calling card “chucklingSquad.” The same hashtag and a link to a Chuckling Squad chat on Discord were sent from Dorsey’s account on Friday. Tweets that went out in both cases also referenced “Chungus,” a meme that depicts an “overweight giant earth destroying, god killing rabbit.”
Trevor Duke-Moretz, Chloë’s brother, confirmed that his sister’s account was hacked.
As was the case in the Dorsey incident, the hackers who commandeered Moretz’s account namechecked Twitter and Instagram handles and directed onlookers to follow them. The hackers then released what they purported to be Dorsey’s Social Security number. The Twitter account that the hackers called out appears to have been deactivated. The Instagram accounts are still active.
The hackers ended their roughly 20-minute joyride with Moretz’s account by posting ImgBB and Imgur links, at least one of which led to a sexually suggestive picture. At that point, the tweets were all deleted, presumably by Twitter security.
The Moretz hack comes five days after Dorsey’s account spat out pro-Nazi propaganda and racist slurs during a 20-minute infiltration. Twitter later disclosed that hackers were able to compromise the phone number associated with Dorsey’s account. They likely accomplished this by executing a SIM swap attack, in which a hacker tricks or bribes a carrier employee into reassigning the victim’s phone number to a SIM card the hacker controls. The hacker can then intercept two-factor authentication codes sent to that number. The hackers may have sent the tweets using the Cloudhopper client, which allows users to post on Twitter via SMS texting. Gizmodo reports that, based on archived webpages, it’s possible that a Cloudhopper vulnerability also allowed hackers to compromise Moretz’s account. Twitter announced on Wednesday afternoon that it would be temporarily suspending the texting feature.
The “Chuckling Squad” has been associated with hacks of other celebrity accounts, including those belonging to YouTubers Shane Dawson and James Charles and rapper DJ Akademiks. In many cases, the hackers have shouted out the same Twitter handles and referenced the same memes and hashtags. Yet it’s unclear whether the same person or group was responsible for all the hacks, or whether copycats may be affiliating themselves with the Chuckling Squad.
So if you’ve attained any measure of fame, it might be time to lock down your Twitter account.