Cybersecurity firm Mandiant has its Twitter account hacked to promote cryptocurrency scam

Cybersecurity firm Mandiant has its Twitter account hacked to promote cryptocurrency scam

Google-owned cybersecurity company Mandiant has found itself in the awkward position of having to wrestle back control of its Twitter account, after it was hijacked by scammers yesterday.

The official Mandiant account, which is followed by over 100,000 people, was seized by scammers promoting links to a phony website which claimed to offer free $PHNTM cryptocurrency tokens (but which was actually aiming to drain punters’ wallets.

The hackers renamed the account “Phantom”, and changed its biog to pretend to belong to the Phantom cryptocurrency wallet.

Mandiant hacked account

In a tweet, since removed, the hackers posted the following message:

Mandiant hacked tweet

The $PHNTM distribution has officially started.

Our snapshot recorded over 250,000 wallets, head over to our website to check if you’re eligible to claim.


The amount of tokens you receive will depend on your portfolio & snapshot position.

The fraudsters taunted Mandiant in a series of tweets as it struggled to regain control of its account. One of the messages advised the cybersecurity company to change its password, and another pointed out it would be wise to check what the Twitter account may have bookmarked while it was under the control of the scammers.

Mandiant taunt

Mandiant has since restored its access to the account, and posted an acknowledgement of the incident.

Mandiant tweet

As you likely noticed, yesterday, Mandiant lost control of this X account which had 2FA enabled. Currently, there are no indications of malicious activity beyond the impacted X account, which is back under our control. We’ll share our investigation findings once concluded.

It’s obviously reassuring to hear that Mandiant had two-factor authentication enabled on its Twitter account, as that does provide a higher level of security.

Sign up to our free newsletter.
Security news, advice, and tips.

However, it perhaps also serves as a timely reminder to all of us that having 2FA turned on does not mean that an account is impossible to compromise. It will be interesting to hear what Mandiant has to share about the security breach, and what other companies could learn from the incident.

By the way, Mandiant wasn’t the only security firm to have its Twitter account hijacked this week. CertiK also fell foul, in their case to a cryptocurrency scammer who posed as Forbes journalist wanting to schedule a meeting for an interview.

Further reading: Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.