MilkyWay Incident Report: Unauthorized Access and Post on MilkyWay’s X Account

JayB
Published in MilkyWay
Jan 12, 2024

Date of Incident

January 12, 2024 from 1:13 AM GMT to 3:25 AM GMT

Description of the Incident

An individual approached one of our team members for an interview, falsely claiming to be an editor from a reputable media company.

  • 1:13 AM GMT: The unauthorized individual used a malicious link disguised as a Calendly link to gain read and write access to our X account, despite our having two-factor authentication (2FA) enabled. This was very smartly planned and precisely targeted.
  • 2:14 AM GMT: The individual published an unauthorized post containing the phishing link, using the access granted to the application.
  • 3:14 AM GMT: One of our team members notified the team immediately after he noticed.
  • 3:15 AM GMT: We promptly deleted the unauthorized post from the account, logged out of all sessions and investigated our connected applications.
  • 3:25–3:45 AM GMT: We discovered the malicious application that had been connected a few hours earlier and promptly revoked its permissions. Subsequently, we reset our password and 2FA as a precaution to prevent any further unauthorized access.
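The timeline describes access granted to a connected application rather than a stolen password, which is why 2FA did not stop it. The following is an added example, not part of the original report: a check a team could run on the URL a meeting invite finally lands on before approving anything. It assumes a standard OAuth consent flow on X's authorization endpoints, which the report does not spell out; the function name and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# X app-authorization pages (OAuth 2.0 and OAuth 1.0a). Assumed from X's
# public developer documentation, not taken from the incident report.
AUTH_HOSTS = {"twitter.com", "x.com", "api.twitter.com", "api.x.com"}
AUTH_PATHS = {"/i/oauth2/authorize", "/oauth/authorize", "/oauth/authenticate"}

def _belongs_to(host, expected):
    return host == expected or host.endswith("." + expected)

def review_consent_url(url, expected_host):
    """Return warnings for the URL an invite lands on (hypothetical helper)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    query = parse_qs(parts.query)
    warnings = []
    if not _belongs_to(host, expected_host):
        warnings.append(f"host {host!r} is not {expected_host!r}")
    if host in AUTH_HOSTS and parts.path.rstrip("/") in AUTH_PATHS:
        warnings.append("X app-authorization page, not a scheduling page")
        if "oauth_token" in query:
            # OAuth 1.0a: permissions are fixed in the app's settings and
            # only visible on the consent screen, not in the URL.
            warnings.append("OAuth 1.0a request: read the consent screen")
        scopes = query.get("scope", [""])[0].split()
        risky = [s for s in scopes if s.endswith(".write") or s == "offline.access"]
        if risky:
            warnings.append("write or persistent access: " + ", ".join(risky))
        redirect = (urlsplit(query.get("redirect_uri", [""])[0]).hostname or "").lower()
        if redirect and not _belongs_to(redirect, expected_host):
            warnings.append(f"authorization code is sent to {redirect!r}")
    return warnings

# Constructed sample URLs; the client_id and domains are placeholders.
BENIGN = "https://calendly.com/example-editor/interview"
LURE = ("https://twitter.com/i/oauth2/authorize?response_type=code"
        "&client_id=EXAMPLE_CLIENT_ID"
        "&redirect_uri=https%3A%2F%2Fcalendar-booking.example%2Fcallback"
        "&scope=tweet.read%20tweet.write%20users.read%20offline.access"
        "&state=s&code_challenge=c&code_challenge_method=plain")

if __name__ == "__main__":
    for sample in (BENIGN, LURE):
        print(sample[:60], review_consent_url(sample, "calendly.com"))
```

A grant made this way stays valid until the application is revoked under the account's connected apps, so a password or 2FA reset alone does not remove it.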

Immediate Response

  1. We removed the unauthorized post and changed the URL that directed to their phishing site.
  2. We terminated all the sessions.
  3. We investigated connected applications and revoked permissions from the malicious application.
  4. We reset our password and 2FA as a precaution to prevent any further unauthorized access.
  5. We reviewed all the affected accounts and took action accordingly.

[Image: the phishing site to which the unauthorized individual directed our users]

Potential Impact

The unauthorized post was live for approximately one hour, during which it could have been viewed by numerous users. This incident was a phishing attempt, with the goal of draining the wallets of users who connected to the website through the deceptive link.

We are conducting an investigation to determine if any of our users have been affected by this incident. If you have been impacted by the phishing attempt, please contact us via Discord or Telegram, and we will provide assistance.

Recommendations to other teams

  • Do NOT panic. Take your time to read through “Help with my compromised account”, written by the official X team, and take action accordingly.
  • Investigate the root cause of the security breach and how it was exploited, so you can take action accordingly.

Acknowledgements

We would like to express our gratitude to everyone involved in the resolution of the recent security incident with our X account.
