NAIROBI, Kenya- The Kenya Revenue Authority (KRA) has confirmed a major security breach: its official X (formerly Twitter) account, @KRACare, has been compromised by hackers. The handle has been immediately switched to “StandsX,” prompting an urgent warning to the public.
What You Need to Know
This is a serious threat, as the compromised account could now be used for fraud. The KRA has issued a firm directive to the public:
- DO NOT engage with any posts or messages from the compromised account.
- NEVER share personal information, click on suspicious links, or send money in response to anything posted by “StandsX.”
“Members of the public are strongly warned not to engage, share personal information, or send money to any messages or posts from this account, as they are fraudulent,” the KRA stated.
KRA’s Response and Official Channels
The KRA is treating the matter as a top priority. They have immediately launched efforts, in collaboration with X, to regain control of the account and restore its security.
Until the issue is resolved, all official updates will be provided exclusively through KRA’s verified communication channels:
- Facebook: https://facebook.com/KRACare
- WhatsApp: 0711099999
Cybersecurity experts point out that these attacks are increasingly common. Hackers often target high-profile, public-facing accounts to exploit the public’s trust and extract financial information.
They typically gain access through methods like phishing or using weak/reused passwords. Changing the account handle (like to “StandsX”) is a classic tactic to obscure the breach while trying to scam followers.
The KRA’s swift move to redirect communication to verified channels underscores a crucial lesson: always cross-check unusual posts before taking action, especially if they ask for money or personal details.
Security specialists advise everyone to protect their own accounts by:
- Using Two-Factor Authentication (2FA).
- Creating unique, strong passwords.
- Regularly monitoring account access.
The KRA has assured Kenyans that updates will follow as soon as the official account is secured.
