Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam
The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary.
Twitter is a social media platform whose accounts, APIs, and integrations can expose users to account takeover, data leaks, and abuse.
Search across headline titles and summaries.
Background for this topic.
Twitter is a public social-media platform, now operated under the X name, where users post short messages, share media, and communicate through replies and direct messages. Its security relevance comes from the volume and speed of public content, account relationships, and links exchanged there. Researchers also use it for threat intelligence, while attackers may exploit public trust and impersonation to distribute phishing pages, malware, or fraudulent information.
Material risks include account takeover through stolen credentials, session theft, or compromised third-party applications; abuse of APIs and OAuth permissions; and exposure of personal data in posts, metadata, or private communications. Security teams should verify accounts and links rather than treating platform identity as proof, restrict and review application access, protect administrator accounts with phishing-resistant multifactor authentication where available, and preserve relevant posts or messages during investigations because content and account ownership can change.
Weekly headline count for the current query.
The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary.
Verified accounts for celebs and organizations deliver a deep vein of cybercrime riches for crooks.
Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.
The former hacker and Twitter security executive will use his role to help fulfill the Biden administration's plans for the National Cybersecurity Strategy.
Platform's independent server "instances" may have different security levels, creating potential for supply chain-like vulnerabilities.
A consumer finance journalist and television personality took to Twitter to warn his followers about advertisements using his name and face to scam victims.
GDPR is halting Meta's new Threads app from entering EU markets, portending a broader struggle over the right ways to collect user data on social apps.
Meta's answer to Twitter went live and quickly racked up millions of members — but the social media app's privacy practices are under the microscope.
Extradited from Spain, PlugWalkJoe has been sentenced in US court and is now headed to federal prison on a raft of charges related to account hijacking and cyber stalking.
The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.
Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.
Former Humu, Google, and Twitter security leader adds deep security experience.
Confessed cybercriminal hijacked Twitter, TikTok, and Snapchat accounts; defrauded victims; and more.
Overcoming the limitations of consumer MFA with a new flavor of passwordless.
A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.
Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.
A top Iranian, state-sponsored threat is a spear-phishing campaign that uses a fake Twitter persona to target women interested in Iranian political affairs and human rights.
As companies increasingly adopt MFA (even as companies like Twitter disable it), cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.
Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab?
Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play?