Last night, the EcoCash X account was subjected to unauthorized access. During the period of the unauthorized access, the account published inappropriate content and messages attributed to an individual claiming responsibility for the takeover. EcoCash moved swiftly to restore control of the account.
Important: The compromise was limited to the EcoCash X account. EcoCash’s financial systems, customer accounts, and transaction infrastructure were not affected at any point. All payment services operated normally throughout the incident. Customer funds remain fully secure.
EcoCash obviously does not condone the use of disruptive or unlawful means to raise grievances as established customer service channels exist to address disputes, including the matter that appears to have precipitated this incident.
While the exact method has not been confirmed, common causes of social media account takeovers include:
- Weak or reused password on the X account (very unlikely for EcoCash)
- No two-factor authentication (2FA) enabled (again unlikely for EcoCash)
- Possibly a team member’s credentials phished or leaked someone with access to the account clicked a malicious link or entered login details on a fake site
- Third-party app with account access was compromised likesocial media scheduling or management tools connected to the account could be an entry point
- SIM swap attack could haveperpetrator cynically convinced a mobile carrier to transfer the account holder’s number, intercepting SMS-based 2FA codes
