UK politician criticizes X (formerly Twitter) after account hijacked by crypto scam

Zack Polanski, the deputy leader of the United Kingdom’s Green Party, has called on X (formerly Twitter) to “protect the site's users more robustly and restore accounts more quickly” after his account was hijacked earlier this week.

Polanski’s account on the social media platform was obtained over the weekend by what appeared to be a cryptocurrency scam replacing the politician’s avatar and header image and posting links to an external site.

“It's important people are able to engage with their elected representatives' work through social media,” said Polanski in a statement shared by the Green Party’s press office, adding: “I’m keen that X tackle those who have hacked into my account and restore my access as soon as possible.”

Shortly after Polanski sent Recorded Future News his statement, the account was reinstated, although a Green Party spokesperson said that Polanski still did not have control of it. The commandeering of politicians’ accounts could pose an election integrity risk in the United Kingdom, which is expected to go to the polls later this year.

Polanski’s account takeover mirrors another last week in which a Canadian senator had their X account hijacked to spread a similar scam. The account of Google-owned cybersecurity firm Mandiant was also appropriated by someone sharing links to a cryptocurrency platform.

It is not yet clear how these accounts have been hijacked. Researchers say that dark web forums and marketplaces are increasingly selling access to hijacked X accounts that have been verified with specialized tags — such as the gray tick given to politician and government accounts.

Last month, two researchers discovered vulnerabilities in X they said would allow anyone to take over an account that were not addressed for weeks by the social media site’s team.

Chaofan Shou, a PhD student at the University of California, Berkeley, told Recorded Future News that the company never replied to his email about the issue.

Criticism of the company is growing regarding its ability to protect its users from account takeovers, as well as inauthentic content spamming their timelines, following Elon Musk’s purchase of the site and sacking of hundreds of security employees.

Recorded Future News’ email to X’s press office — which has similarly been denuded of staff — received an automated reply: “Busy now, please check back later.”