An X Corp. account belonging to Google LLC-owned cybersecurity firm Mandiant was hacked on Wednesday and used to promote a cryptocurrency scam.

The scammer who took control of the account on X, still generally known as Twitter, spread a cryptocurrency scam while pretending to be the Phanton crypto wallet, with a message claiming that a distribution of the $PHNTM cryptocurrency was underway. Not surprisingly, the link in the X post sent readers to a fake phishing site that asks users to enter their wallet details to claim their share of the distribution.

The account was reportedly recovered several hours after being taken over. A spokesperson for Mandiant later tweeted, “As you likely noticed, yesterday, Mandiant lost control of this X account, which had 2FA enabled. Currently, there are no indications of malicious activity beyond the impacted X account, which is back under our control. We’ll share our investigation findings once concluded.”

The fact that Mandiant claims to have had two-factor authentication enabled begs the obvious question: How did the hacker gain access? Is it a security issue on X’s end, or was someone able to gain access to devices belonging to Mandiant? SiliconANGLE will update the situation once Mandiant releases its findings.

Mandiant was acquired by Google in a $5.4 billion deal in 2022. The company has continued to operate under the Mandiant brand since, although some of its core offerings are now offered in combination with Google Cloud cybersecurity products.

The hack of Mandiant’s account isn’t the first time an account on X or Twitter has been hacked. However, Bleeping Computer reported today that there has been a recent uptick in takeovers of accounts belonging to X users with gold or gray badges. Gold in X indicates an official organization or company, while gray indicates a profile representing a government organization or official.

Recent account takeovers include that of Canadian Senator Amina Gerba, Brazilian politician Ubiratan Sanderson and a nonprofit that goes by the name of  “The Green Grid.” In most cases, those who have taken over targeted accounts have promoted cryptocurrency scams. Whether this is more a case of opportune hacking or part of a broader campaign is yet to be seen.

Image: Mandiant