A Metro train stops at a station in Washington, DC, in May 2016.
Washington CNN  — 

Social media accounts for Washington, DC’s transit authority were hacked Monday morning and those accounts have now been secured, a spokeswoman for the Washington Metropolitan Area Transit Authority confirmed.

In the early morning, a series of lewd tweets and photos were posted on the Twitter accounts for the metro rail service and WMATA, which posts information about the capital area’s metro system. The WMATA Twitter page name was also changed to “Blueface Da Bus,” according to CNN affiliate WJLA. A tweet on the metro rail service’s page read, “Ok ok we aint hacked I just hate being a social media manager for a [F***ING] BUS TWITTER,” the affiliate also reported.

The spokeswoman for WMATA told CNN the “posts are being removed and our accounts secured.”

“We are aware that Metro’s Twitter accounts @WMATA @MetrorailInfo were hacked and obscene posts were made that do not represent Metro’s organization or culture,” the spokeswoman said via email on Monday. “We are working to understand who may be responsible for this breach.”

Around mid-morning, it appeared the tweets had been removed and “This Tweet is unavailable” messages were in their place. However, some of the retweets during the hack remained, including one in which a user asks the transit authority to wish a family member a happy birthday and a retweeted video of two people fighting.

The US Cybersecurity and Infrastructure Security Agency and national security officials have urged agencies and companies to ensure multi-factor authentication measures are implemented to prevent accounts from being taken over by hackers. The Biden administration has also taken steps to ramp up cybersecurity efforts after a string of ransomware attacks on critical infrastructure by cybercriminals in 2021.

WMATA did not respond to repeated questions about security or two-factor authentication measures on the accounts.

Some analysts argue that the Twitter accounts of high-profile companies, organizations and agencies, including that of DC’s metro authority, should be considered “critical infrastructure,” because their compromise could have wide-ranging impacts.

In April 2013, a hacker accessed The Associated Press’ Twitter account and posted a fake White House emergency that sent stocks plunging.