Ontario's Peterborough grapples with a 24-hour takeover of its X account, renamed JupiterExchange, promoting a cryptocurrency scam. (Getty Images)
A municipality in Ontario has become the latest victim of a temporary loss of access to its social media account. The city of Peterborough, situated about 125 km northeast of Toronto, reported that its X/Twitter account was taken over and renamed JupiterExchange on Sunday, with the unauthorized controller tweeting links to a cryptocurrency scam for approximately 24 hours before the city regained control.
Brendan Wedley, the city’s director of strategic communications and service, stated that the municipality is currently investigating the hacking incident. He mentioned that three to five individuals had password access to the account, and the attacker utilized the compromised access solely to manipulate the account. No suspicious activities were detected on the city's IT network, and there were no signs of unauthorized access to the email accounts of staff with X account privileges.
In an official statement, the city emphasized that no personal information was disclosed on its X social media account during the incident. This occurrence is part of a series of recent takeovers of X accounts, many of which have been exploited for cryptocurrency scams. It remains unclear whether this is a specific tactic employed by a particular group or if multiple copycats are involved.
Notably, cybersecurity company Mandiant experienced a notable breach over a week ago, attributing the incident to a lack of adequate protection due to changes in X's two-factor authentication policy. The attacker, in this case, redirected the compromised account to post links leading to a cryptocurrency phishing page, targeting unsuspecting victims.
Another significant takeover involved the U.S. Securities and Exchange Commission (SEC), where the hacker falsely claimed approval for the listing of bitcoin exchange-traded funds (ETFs) on U.S. security exchanges. While the SEC denied responsibility for the breach, the incident underscores the vulnerability of high-profile accounts to unauthorized access.
These recent breaches serve as a warning to companies and government entities about the potential risks associated with poorly secured social media accounts. The focus on X accounts in these incidents may be temporary, highlighting the need for organizations and individuals to adopt phishing-resistant multifactor authentication to safeguard all social media accounts effectively. As the threat landscape evolves, prioritizing robust security measures becomes imperative to prevent unauthorized access and the spread of scams.
