Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account

Mandiant’s official Twitter account was hijacked and used to promote a cryptocurrency scam; the company says the takeover was likely a brute-force password attack and that insufficient 2FA (following platform policy changes and team account transitions) left the account vulnerable. Mandiant has published a blog linking the incident to CLINKSLINK wallet-draining malware and says it has updated processes to prevent recurrence.