Responsible Actor Remains Unidentified
The Twitter accounts in question usually post information about Washington DC’s metro system. On Monday, the WMATA’s Twitter name was changed to “Blueface Da Bus.” One of the tweets on the page read as follows: “Ok ok we aint hacked I just hate being a social media manager for a [F***ING] BUS TWITTER.” A few hours after the incident, the WMATA regained control and took down the tweets. However, some of the retweets from the incident are still accessible. According to a WMATA spokeswoman, the Twitter accounts are now secure. “We are aware that Metro’s Twitter accounts @WMATA @MetrorailInfo were hacked and obscene posts were made that do not represent Metro’s organization or culture,” the spokeswoman stated. “We are working to understand who may be responsible for this breach,” they added.
Incident Raises Concerns About Twitter Accounts of Public Services
While Washington DC’s transit authority confirmed they had regained control of their social media, the incident has raised concerns about the security of Twitter handles of essential services. Recently, the US Government has taken a number of measures to improve the cyber defense of critical enterprises. This move came after a spike in cyberattacks over the last year against fuel pipelines, hospitals, water systems, educational institutions and the agriculture sector, among others. Since people depend on Twitter accounts like Washington DC’s transit authority for information that affects their daily lives, many experts and cybersecurity analysts believe they should be treated as critical infrastructure.
WMATA Silent on Whether the Accounts Enabled Multi-Factor Authentication
The US government has taken an aggressive stance against the growing number of cyber incidents against American enterprises. As a part of this, federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA) have urged companies to step up their network security. They regularly issue guidelines directing organizations to implement multi-factor authentication (MFA) to secure accounts. WMATA has not provided answers to questions from media outlets about their security or MFA measures on their Twitter accounts. MFA may not be as secure as it once was, as hackers are now finding ways to take advantage of MFA fatigue. While it is important to secure Twitter accounts from the prying eyes of malicious actors, have you ever thought about what Twitter knows about you? If you’re curious, check out our article that explains the kinds of information Twitter collects.
