Critical Path Security researcher Patrick Kelley told BleepingComputer that he was able to quickly find the credentials bad actors would need to infiltrate both the City of Griffin and P.F. Moon's systems with the help of several OSINT tools and techniques such as Shodan, RiskIQ's PassiveTotal, data dumps, and pastes.
"I work heavily with small governments. Very similar issues across all municipalities. Small budgets. High expectations. I was VERY happy that the City of Griffin was doing Security Awareness Training. It's quite rare," added Kelley.
"The biggest thing we've been pushing that works are phone, text, some sort of additional factor to authorize a payment change."