Cyber Defense Advisors

Cybersecurity firm Mandiant has its Twitter account hacked to promote cryptocurrency scam

Google-owned cybersecurity company Mandiant has found itself in the awkward position of having to wrestle back control of its Twitter account, after it was hijacked by scammers yesterday.

The official Mandiant account, which is followed by over 100,000 people, was seized by scammers promoting links to a phony website which claimed to offer free $PHNTM cryptocurrency tokens (but which was actually aiming to drain punters’ wallets).

The hackers renamed the account “Phantom”, and changed its bio to make it appear to belong to the Phantom cryptocurrency wallet.

In a tweet, since removed, the hackers posted the following message:

The $PHNTM distribution has officially started.

Our snapshot recorded over 250,000 wallets, head over to our website to check if you’re eligible to claim.

[LINK]

The amount of tokens you receive will depend on your portfolio & snapshot position.

The fraudsters taunted Mandiant in a series of tweets as it struggled to regain control of its account. One of the messages advised the cybersecurity company to change its password, and another pointed out it would be wise to check what the Twitter account may have bookmarked while it was under the control of the scammers.

Mandiant has since restored its access to the account, and posted an acknowledgement of the incident.

As you likely noticed, yesterday, Mandiant lost control of this X account which had 2FA enabled. Currently, there are no indications of malicious activity beyond the impacted X account, which is back under our control. We’ll share our investigation findings once concluded.

It’s obviously reassuring to hear that Mandiant had two-factor authentication enabled on its Twitter account, as that does provide a higher level of security.

However, it perhaps also serves as a timely reminder to all of us that having 2FA turned on does not mean that an account is impossible to compromise. It will be interesting to hear what Mandiant has to share about the security breach, and what other companies could learn from the incident.

By the way, Mandiant wasn’t the only security firm to have its Twitter account hijacked this week. CertiK also fell foul, in their case to a cryptocurrency scammer who posed as a Forbes journalist wanting to schedule a meeting for an interview.