Google-owned cybersecurity firm Mandiant has found itself in the awkward position of having to wrestle back control of its Twitter account, after it was hijacked by scammers yesterday.
The official Mandiant account, which is followed by over 100,000 people, was seized by scammers promoting links to a phony website which claimed to offer free $PHNTM cryptocurrency tokens (but which was really aiming to empty punters’ wallets).
The hackers renamed the account “Phantom”, and changed its bio to pretend to belong to the Phantom cryptocurrency wallet.
In a tweet, since removed, the hackers posted the following message:
The $PHNTM distribution has formally begun.
Our snapshot recorded over 250,000 wallets, head over to our website to check if you’re eligible to claim.
[LINK]
The quantity of tokens you obtain will depend on your portfolio & snapshot position.
The fraudsters taunted Mandiant in a series of tweets as it struggled to regain control of its account. One of the messages advised the cybersecurity firm to change its password, and another pointed out it would be wise to check what the Twitter account might have bookmarked while it was under the control of the scammers.
Mandiant has since restored its access to the account, and posted an acknowledgement of the incident.
As you have probably seen, yesterday, Mandiant lost control of this X account which had 2FA enabled. At present, there are no indications of malicious activity beyond the impacted X account, which is back under our control. We’ll share our investigation findings once concluded.
It’s clearly reassuring to hear that Mandiant had two-factor authentication enabled on its Twitter account, as that does provide a higher level of security.
However, it perhaps also serves as a timely reminder to all of us that having 2FA turned on doesn’t mean that an account is impossible to compromise. It will be interesting to hear what Mandiant has to share about the security breach, and what other companies might learn from the incident.
By the way, Mandiant wasn’t the only security firm to have its Twitter account hijacked this week. CertiK also fell foul, in their case to a cryptocurrency scammer who posed as a Forbes journalist keen to schedule a meeting for an interview.