Dan Goodin on Nostr: Mandiant, the Google-owned company that sells cyber security services for large sums ...
Mandiant, the Google-owned company that sells cyber security services for large sums of money, got its Twitter account hacked last week.
Today, npub1jx4tyj6f8xwzzmuswnt3avs5v3tgw9wvd0zuthdft86w62ft6yks0glywk (npub1jx4…lywk) issued a terse and vaguely worded update that strongly suggests (1) the password protecting the account was weak and readily guessable and (2) the account had previously used SMS, the weakest form of 2FA available, before eventually allowing 2FA to lapse entirely. I asked for clarification and a representative responded: "we ultimately aren’t going to be sharing further details at this time."
It's reasonable to ask billion-dollar security companies to account for mistakes that have the potential to harm customers or the public at large. So much for transparency.