On Wednesday the 30th of August 2023, a Kenyan financial research firm lost access to its X account. The hack on its account sent Mwango Capital in a two-week state of limbo endlessly frustrated by the social media company.
Mwango Capital did eventually regain access to its X handle. However, the research firm has not stopped at the reinstatement of its account. The firm is seeking more information on what exactly happened to its social media account.
In the quest to regain access to their account, the firm retained Ian Mutiso, an advocate of the High Court of Kenya. While engaging with the lawyer, Techweez learned that Mwango Capital had suffered a social engineering hack.
In a conversation via text, he confirmed that a cyber forensic investigator “ was able to unearth a similar trail of hacks that have happened since 2020.” This led them to be concerned about how the hackers succeed and what kind of senstive data they may have accessed.
X Corp Past Hacks
X has an administrative tool, that is referred to as an “agent tool”. This tool allows X Corp staff to manipulate account-level settings of accounts.
“We suspect our client’s data has been misused and we believe this hack happened because of the fact X Corp has failed to control “Agent Tool” said Mr. Mutiso.
This is not the first time the “Agent tool” has been implicated is similar cases. In 2020, high profile accounts belonging to the likes of Joe Bidden, Barrack Obama and current X owner Elon Musk were hacked. Similar to the Mwango Capital hack, the compromised accounts started posting cryptocurrency scams.
One of the hackers at the time confirmed to Vice that they had paid an insider at the company. It was reported the accounts had been compromised once the hackers were given access to the internal tool.
Mr. Mutiso says they suspect rogue employees at X Corp are misusing this tool again. This is happening despite the fact that X Corp is facing a multi-million-dollar class action due to a data breach.
The advocate states they know has the hack was done. In response to our question he stated: “we believe there is a serious problem in X Corp in terms of use and access of the “Agent-Tool” which is used in the social engineering hacking of user accounts”.
However, the evidence is circumstantial. Due to this, they have relied on provisions of the General Data Protection Regulation (GDPR) to compel X Corp into sharing information on the hack. On this request, X Corp has complied but not fully. Mr. Mutiso and his client are seeking full compliance.
“We believe, X Corp is shielded from disclosing this information because it will allow my client to have reasonable grounds to sue them”, stated the Kenyan advocate.
FOIA Request and FBI Complaint
To gain the information X Corp is shielding, Mr. Mutiso has made a Freedom of Information Act (FOIA) request. An FOIA request compels federal agencies to disclose any information requested. They have made the request because X Corp has been investigated in the past due to account hacks. Hence, there are US federal agencies that have information that is of interest to Mr. Mutiso and his client.
Additionally, while X Corp is currently a private company, it was once a public company. Therefore, a number of government agencies can be compelled to share past information on the company.
Mwango Capital through the lawyer have also filed a complaint to the FBI through the Internet Crime Complaint Center (IC3). IC3 is an FBI portal that enables victims of cybercrimes to report a suspected cybercrime or other illegal internet related activities.
It will take 20 days to receive these reports including from the FBI.
Mwango Capital Quest A Game Changer
Social Media has been important for people around the globe. It has become a source of revenue and this is often tied to the value one provides to their audience. Mwango Capital for example has amassed 95K followers in just 3 years on X.
However, a number of the global companies have not prioritized African users. Mr. Mutiso personally thinks his client quest is bound to be a game changer. He told Techweez,
“When these mutli-billion-dollar companies do not take complaints or concerns of users within Africa to be specific, that is borderline negligence, discrimination & breach of the federal trading laws and that needs to change. I think people will realize they can actually do something about it”