Cyber Incident Victim: City of Wichita
Date:
Jul 2022
Location:
United States of America
Summary
The official Twitter account for Wichita was compromised by unauthorized access originating from Turkey, prompting immediate response efforts. Despite having two-factor authentication and recent password changes in place, the city was alerted by Twitter to the suspicious login and began securing the account. Hackers sent scam messages to verified users, including a local reporter, though the full scope of affected individuals remained unclear. Officials publicly warned against engaging with fraudulent communications while working to resolve the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 15, 2022, the official Twitter account for the city of Wichita, Kansas, experienced unauthorized access by hackers originating from Turkey. City officials confirmed the breach occurred Friday evening and initiated immediate steps to secure the compromised account. Spokesperson Megan Lovely stated the city had previously implemented two-factor authentication and recently changed passwords prior to the incident. Twitter alerted the city administration about a suspicious login attempt from Turkey earlier that day, prompting officials to contact Twitter’s support team and reset account credentials. The hacking incident remained unresolved as of 8:30 p.m. local time, with Lovely expressing hope for a swift resolution.
Attackers exploited the compromised account to send direct messages promoting a cryptocurrency scam, leveraging the account’s verified status with a blue checkmark to enhance credibility. At least one Wichita Eagle reporter received such a message, though officials could not immediately determine the total number of recipients. Spokesperson Jim Jonas publicly warned citizens against engaging with the fraudulent messages. The city’s response included coordinated password changes, direct engagement with Twitter’s security team, and public advisories through local media outlets. Consequences included temporary loss of control over an official communication channel, reputational risks from fraudulent activity conducted under the city’s identity, and potential financial threats to individuals targeted by the scam messages. City officials continued investigating the breach while working to fully restore account security.