Google security firm Mandiant working to resolve X account takeover

The Google-owned cybersecurity firm Mandiant said it is looking into an incident where its X account was taken over by someone sharing links to a cryptocurrency platform.

On Wednesday afternoon around 3:30 pm EST, Mandiant’s account on the social media platform tweeted out links to a company called Phantom, which offers customers a wallet for cryptocurrency.

The account appeared to have been deleted for several minutes before returning with Mandiant logos but its username changed to “@phantomsolw.”

Today Mandiant had their Twitter account stolen.

2024 starting strong pic.twitter.com/gHagm2o36q

— vx-underground (@vxunderground) January 3, 2024

As of 5:30 p.m. EST, the account has retweeted dozens of messages sent out by Phantom.

“We are aware of the incident impacting the Mandiant X account and are working to resolve the issue,” a Mandiant spokesperson told Recorded Future News.

Representatives for Phantom did not respond to requests for comment. The company’s wallet is widely regarded and available on the app stores for both Google and Apple.

Mandiant was purchased by Google in 2022 for $5.3 billion and incorporated into Google Cloud.

In recent months, concerns have grown over X’s ability to protect high-profile accounts from takeovers. Since being purchased by Tesla CEO Elon Musk, the social media site has cut hundreds of security employees, exposing it to a wave of spam accounts.

On Tuesday, a Canadian senator had their Twitter account taken over to spread a scam.

Last month, two researchers discovered vulnerabilities in Twitter that were not addressed for weeks by the social media site’s team.

Chaofan Shou, a Ph.D. student at the University of California - Berkeley, told Recorded Future News that the company never replied to his email about the issue. In a post on the platform, he said the bugs would allow anyone to take over an account.

“Both vulnerabilities are obvious and easy to find for folks working in security,” he said on December 13.

“The exploit I disclosed is built up on two vulnerabilities. One discovered by @rabbit_2333 and one discovered by me. Twitter has acknowledged neither of them.”