Former Mayor of Pittsburgh Bill Peduto has fallen victim to a hacking incident on X (formerly Twitter). Scammers have hijacked his account, which has nearly 100,000 followers, and are using it to promote a fake laptop giveaway. The account is advertising unrealistic MacBooks for an even more unrealistically low prices. Needless to say, do not send money to these scammers currently in control of his account.
This incident is part of a growing trend of hackers targeting Pittsburgh celebrities across social media. In late August, local musician Avi Diamond’s Facebook account was compromised. Meanwhile, likely the same group of hackers has created dozens of fake profiles impersonating nonprofit executives across the region. For example, The Pittsburgh Foundation is not, as some scams claim, giving away grant money through shady web forms that request bank account details.
Although it’s not confirmed, evidence suggests this attack may have originated from Russia, as it coincides with the hijacking of the domain BillPeduto (dot) com. Avoid visiting the site.
Domains can expire for various reasons, and in this case, the domain was originally managed by the now-defunct People for Peduto group. When no one renewed the domain in March, it was snapped up by DropCatch, a domain auction service. Expired domains are often targeted by spammers and other bad actors hoping to profit from the original owner’s reputation.
Expired domains are priced based on backlinks pointing to the domain, which BillPeduto(dot)com has 5.9k unique websites referring to it. The new owner has 301 redirected the domain and its page rank to gambling sites. Google updated its algorithm earlier this year to combat this scummy SEO tactic.
Although the sale price of Peduto’s domain is unknown, ICANN records show the new owner is based in Moscow, Russia. Since acquiring the domain, the new owner has placed it on Cloudflare, a service that manages web traffic and provides security features. While Cloudflare typically offers protective measures, in this case, it may have been used to facilitate the exploit. The new owner has also redirected emails associated with the domain, which could have been linked to Peduto’s social media accounts, potentially allowing them to reset passwords and take control of his X account.
At this time, it’s unclear whether this method was used to compromise Peduto’s social media. Peduto could not be reached for comment before publication.
This is not an isolated incident. Expired domains have been causing problems for Pittsburgh businesses and public figures throughout the year. For example, older domains for Fat Head’s Saloon were scooped up by resellers. The former Pittsburgh Observer domain was repurposed to spread false news about the 2024 Moore Capito campaign. Investigative Reporter Kyle Vass uncovered that Caiden Cowger was behind the site’s fake headlines. Despite The Pittsburgh Observer being discredited as a news source, the site continues to operate, publishing dubious stories.
Authenticity is currency in the age of AI deception. Older accounts whether domains or social media handles are a currency on the black market for spammers and state actors. Peduto has learned a hard cybersecurity lesson with this attack, but you don’t have to.
What can you do to avoid losing access to your accounts?
First, don’t let your domain names expire, whether for personal use or business. If you use your own domain name for email, renew it for the maximum duration, typically up to ten years. Second, enable two-factor authentication (2FA) and use Passkeys where available. Third, use a password manager like Apple’s Passwords or Dashlane to generate and store unique passwords for each site and service.
Update: Bill Peduto seems to be back in control of the account and posting Pittsburgh centered content once again. The security breach lasted ten days spanning September 4th to the 14th.