Cybersecurity firms are paid to protect their clients from hackers. But what happens when they’re the target?
U.S. cybersecurity firm Mandiant confirmed Monday that one of its analyst’s social media accounts had been compromised in an attack.
It was not immediately clear if internal networks belonging to Mandiant or its parent company FireEye had also been infiltrated.
“We immediately began investigating this situation, and took steps to limit further exposure,” Mandiant said in a statement. “Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised.”
An anonymous message posted online claimed that the analyst’s passwords, billing address, Amazon account and LinkedIn profile had been compromised.
The hackers also claimed to have accessed Mandiant’s internal systems, but provided no evidence.
“Let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field,” the post said of cybersecurity analysts.
It called on other hackers to join its #LeakTheAnalyst operation.
FireEye shares dropped 3% on Monday.
Rustam Mirkasymov, a cyber threat intelligence expert at Group IB, said the attack was “very bad for the cybersecurity community.”
“This incident reveals that sometimes professionals who work in cybersecurity don’t pay enough attention to their own security,” he said.
Based on the information posted online, Mirkasymov said, it didn’t appear that any internal Mandiant or FireEye data was compromised.
Mandiant, which was purchased by FireEye for $1 billion in 2014, tackles high-profile hacks and has worked for companies including Sony, Target and Home Depot.
Mandiant clients include financial firms, government agencies, universities and medical centers. The company says it has worked with Saudi Arabia’s energy ministry and the Texas Children’s Hospital, for example.