Whether this was account compromise, an errant administrator post, or spoofing, the incident exposes the same control gap: SMRT's X account has 471,000 followers who treat it as an authoritative source during transit disruptions, and the authentication and approval controls protecting it allowed an unauthorized post to stay live for ten minutes. A public communications channel used by a critical infrastructure operator during real emergencies needs hardware-backed MFA, off-hours posting approval requirements, and real-time content monitoring, not just a post-incident investigation process.
Whether this was account compromise, an errant administrator post, or spoofing, the incident exposes the same control gap: SMRT's X account has 471,000 followers who treat it as an authoritative source during transit disruptions, and the authentication and approval controls protecting it allowed an unauthorized post to stay live for ten minutes. A public communications channel used by a critical infrastructure operator during real emergencies needs hardware-backed MFA, off-hours posting approval requirements, and real-time content monitoring, not just a post-incident investigation process.