Cybersecurity firm Mandiant has its Twitter account hacked to promote cryptocurrency scam • Graham Cluley



Google-owned cybersecurity firm Mandiant has found itself in the awkward position of having to wrestle back control of its Twitter account, after it was hijacked by scammers yesterday.

The official Mandiant account, which is followed by over 100,000 people, was seized by scammers promoting links to a bogus website which claimed to offer free $PHNTM cryptocurrency tokens (but which was really aiming to drain punters’ wallets).

The hackers renamed the account “Phantom”, and changed its bio to pretend to belong to the Phantom cryptocurrency wallet.


In a tweet, since removed, the hackers posted the following message:


The $PHNTM distribution has formally begun.

Our snapshot recorded over 250,000 wallets, head over to our website to check if you’re eligible to claim.

[LINK]

The quantity of tokens you obtain will depend on your portfolio & snapshot place.

The fraudsters taunted Mandiant in a series of tweets as it struggled to regain control of its account. One of the messages advised the cybersecurity firm to change its password, and another pointed out it would be wise to check what the Twitter account may have bookmarked while it was under the control of the scammers.


Mandiant has since restored its access to the account, and posted an acknowledgement of the incident.


As you likely noticed, yesterday, Mandiant lost control of this X account which had 2FA enabled. Currently, there are no indications of malicious activity beyond the impacted X account, which is back under our control. We’ll share our investigation findings once concluded.

It’s obviously reassuring to hear that Mandiant had two-factor authentication enabled on its Twitter account, as that does provide a higher level of security.


However, it perhaps also serves as a timely reminder to all of us that having 2FA turned on doesn’t mean that an account is impossible to compromise. It will be interesting to hear what Mandiant has to share about the security breach, and what other companies might learn from the incident.

By the way, Mandiant wasn’t the only security firm to have its Twitter account hijacked this week. CertiK also fell foul, in their case to a cryptocurrency scammer who posed as a Forbes journalist wanting to schedule a meeting for an interview.

Further reading: Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account.



