Viewing a single comment thread. View all comments

OnARedditDiet t1_ix10e0u wrote

It's unlikely a security breach, more likely got phished or just a bad password

Enable 2fa yall

1

borari t1_ix16qdb wrote

That's 100% a security breach. A security breach isn't just Cobalt Strike implants beaconing out from your systems, it includes stuff like social media account takeovers, business email compromise, etc. Any respectable SOC or IR team will have a playbook for this type of situation. It's not any sort of data exfiltration where people's PII is at risk, which is what I think you may have been trying to get at.

0

OnARedditDiet t1_ix18vl8 wrote

It's a breach of whoever's account not of Facebook.

You're not activating facebooks SOC because 1 (non-paying) customer was phished.

Edit: I would assume Byrd theater does not have a full time IT employee or a MDR contract.

2

borari t1_ix1d6of wrote

Nobody said anything about Facebook getting hacked, or Facebook's IR team. I was just saying that an arbitrary company with a respectable SOC/IR team would have a playbook for dealing with social media account compromise in addition to their playbooks for ransomware, c2 beaconing alerts etc., because a compromised social media account is a compromised business asset, which is a security breach.

0

OnARedditDiet t1_ix1dswb wrote

Nobody said facebook had a breach except the comment I was replying to...

https://old.reddit.com/r/rva/comments/yzcgnp/byrd_theaters_facebook_page_got_hacked_everyone/iwzikql/

I understand your point but the only thing I'm saying is that it's unlikely that this one page was impacted by a facebook security breach (if there was one).

2

borari t1_ix1e2c9 wrote

Ah. I'm a complete idiot. I was over here thinking "of course The Byrd suffered a security breach, what else would this be?". Ignore me.

2