Mandiant's X account was compromised through a brute-force password attack by a drainer-as-a-service (DaaS)* group. The account lacked two-factor authentication (2FA), which could have mitigated the attack.
*(DaaS): A Drainer-as-a-Service is a type of cyber attack where hackers sell access to their botnets, which are networks of computers controlled remotely.
