The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a « brute-force password attack, » attributing the hack to a drainer-as-a-service (DaaS) group.
« Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected, » the threat intelligence firm said
