PALM SPRINGS — Patrick Bewley, a gay adult content creator, had his X account compromised in April after receiving a direct message containing a link that requested login credentials. The attacker used the account, which had 132,000 followers, to promote right-wing figures before it became inactive in May.

On April 9, Bewley received a direct message from porn director Jasun Mark, whose X account had been previously compromised. After Bewley entered his credentials on an unauthorized login page, the attacker gained access and changed the associated name, telephone number, and email address. The X account handle was changed to @DADDYPATRIOzvu on April 9 and then to @Fatherokdwcjo63 on April 10. Jerry Burt, Bewley’s partner, utilized his personal X account to report the compromised account as stolen.

The compromised account’s banner and avatar were updated to display a black-and-white image of Steve Bannon promoting WarRoom.org. On April 16, the account posted an image of Donald Trump with a text overlay that read, “GOOD MORNING, I’M STILL YOUR PRESIDENT.” The account also reposted approximately 20 to 30 posts daily from Republican accounts such as @MAGAVoice. The attacker demanded $2,000 in GAT cryptocurrency for the account’s return, telling Burt, “Just pay for it. That’s all. You want this account or not? Ain’t joking man,” and later contacted Ducati Studios Network, where Bewley serves as chief marketing officer, to demand $3,000 in cryptocurrency after Bewley declined to pay.

Bewley said, “The hacker knew that would be distressing for me. And so that I would be more likely to want to shut it down.” He said, “If you ask me what the potential loss is, being associated with MAGA as a gay content creator is like saying you’re a Nazi. It’s a no-go territory. There’s no middle road.”

X informed Bewley weeks after his report that it could not verify he was the true owner of the compromised account. Bewley filed a police report in Palm Springs and submitted a report to the Federal Bureau of Investigation. All posts were removed from the account feed in May, and the account became inactive. Rachel Tobac, chief executive officer of SocialProof Security, said, “If I were a cybercriminal and I also know that the right wing often has trouble with certain demographics, I am going to target accounts that they have trouble motivating.”