The city of Peterborough in Ontario, Canada is the latest to see its social presence attacked by hackers promoting cryptocurrency scams.
Unknown threat actors have been hacking into high-profile X accounts in recent weeks, using the victim’s profile to push cryptocurrency investment scams onto the follower base.
A notable example was the hack of the US Securities and Exchange Commission (SEC)’s account, with scammers posting an unauthorized message about cryptocurrency trading to its 660,000 followers.
The latest such incident occurred on the X account of Peterborough, a city of 83,600 in the Canadian province of Ontario.
The attackers somehow managed to obtain the login credentials to the municipality’s X profile, then renamed it to [at]JupiterExchange, and then tweeted links to a cryptocurrency scam for an entire day before the city’s IT people caught up with the swindle and severed the hackers’ access.
It isn’t clear how the account got hacked, but according to Brendan Wedley, the city’s director of strategic communications and service, “three to five people had password access,” as reported by IT World Canada.
Since multi-factor authentication is now mandatory on X, the attackers likely brute-forced the password and socially engineered the authentication codes out of the city’s staff.
No suspicious activity was detected on the city’s IT network, Wedley said, nor has there been any suspicious activity on the city email accounts of staff who had access to the X account, he added.
No personal information was shared by the municipality on its X social media account, according to a press release posted on the city’s official website, peterborough.ca.
“The City of Peterborough reacquired the account name @CityPtbo on X after the hacker changed the name of the account and work is underway to make it accessible to the public,” the announcement says.
The city, displaying a meagre 106 followers at the time this article was published, is waiting on X to restore its follower count.
If you’re sporting a hefty follower count, your X account may be a target. Be sure to use a trusted authenticator app to get your verification codes. If you ever receive a suspicious request for your account credentials, don’t be hasty. Use Bitdefender Scamio to check if you’re dealing with an attempt at account takeover.