Mandiant account on Twitter hacked, used to steal cryptocurrency
Mandiant, a security firm owned by Google, had its account on Twitter hijacked by an unidentified scammer. The incident, which unfolded over several hours, saw the scammer use Mandiant's account to impersonate Phantom, a cryptocurrency wallet service, and lure users to a malicious website under the guise of a token award. Twitter employees repeatedly removed the scam posts in a struggle to regain control of the account, and the scammer repeatedly reposted them.
During the course of the breach, the scammer not only changed the @mandiant username but also actively used the account to promote a fraudulent website, promising free tokens to users. A peculiar message left by the scammer advised Mandiant to “check bookmarks when you get account back” and to change their password. This incident culminated in the Mandiant profile displaying a message that the account no longer existed.
While Mandiant officials acknowledged the incident and stated they had regained control of the account, they did not provide specific details on how the breach occurred. The breach raises significant concerns given Mandiant's stature as a leading company in investigating and recovering from major network compromises, with in-depth knowledge of threat actors and their tactics.
Questions remain about the security measures Mandiant employed for its Twitter account, including the robustness of its password and whether any form of two-factor authentication was in place. The incident coincided with claims of a potential XSS and CSRF vulnerability on the Twitter platform.