OnARedditDiet t1_ix10e0u wrote
Reply to comment by Ditovontease in Byrd Theater’s Facebook page got hacked. Everyone should go report the posts so Facebook takes action by [deleted]
It's unlikely a security breach, more likely got phished or just a bad password
Enable 2fa yall
borari t1_ix16qdb wrote
That's 100% a security breach. A security breach isn't just Cobalt Strike implants beaconing out from your systems, it includes stuff like social media account takeovers, business email compromise, etc. Any respectable SOC or IR team will have a playbook for this type of situation. It's not any sort of data exfiltration where people's PII is at risk, which is what I think you may have been trying to get at.
OnARedditDiet t1_ix18vl8 wrote
It's a breach of whoever's account not of Facebook.
You're not activating facebooks SOC because 1 (non-paying) customer was phished.
Edit: I would assume Byrd theater does not have a full time IT employee or a MDR contract.
borari t1_ix1d6of wrote
Nobody said anything about Facebook getting hacked, or Facebook's IR team. I was just saying that an arbitrary company with a respectable SOC/IR team would have a playbook for dealing with social media account compromise in addition to their playbooks for ransomware, c2 beaconing alerts etc., because a compromised social media account is a compromised business asset, which is a security breach.
OnARedditDiet t1_ix1dswb wrote
Nobody said facebook had a breach except the comment I was replying to...
I understand your point but the only thing I'm saying is that it's unlikely that this one page was impacted by a facebook security breach (if there was one).
borari t1_ix1e2c9 wrote
Ah. I'm a complete idiot. I was over here thinking "of course The Byrd suffered a security breach, what else would this be?". Ignore me.
Viewing a single comment thread. View all comments