Despite having 2FA enabled, Mandiant, a Google-owned company, was recently the victim of a cyber-attack against their Twitter account with over 100,000 followers.
To appear more legitimate, the hackers renamed the account “Phantom” and updated the bio to pose as the Phantom Cryptocurrency wallet. The hackers then used the account to promote links to a phony website claiming to offer free $PHNTM cryptocurrency tokens.
Aside from attempting to gain access to financial information, the hackers also mocked Mandiant in a series of tweets suggesting that the company change the password and check the account bookmarks once they got control of the account again. Upon regaining control of the account, Mandiant confirmed that they had 2FA enabled and were looking into the issue.
2FA, also known as multifactor authentication, requires an extra layer of security where you need to insert a code from an app, fingerprint, facial scan, or an additional method to authenticate your identity. You can check out our previous blog post on how 2FA can help you make your passcodes more secure to learn more about it.
The Mandiant breach serves as an important reminder that 2FA does not completely defend against cyberattacks. You should still enable 2FA to protect yourself, but it should be used in addition to safe cyber habits and frequent monitoring.