By 
Yesterday, EcoCash suffered a security breach when its official X account was hijacked for more than two hours. The attacker claimed they hacked the account to expose the company’s weak security systems in retaliation for $35 they alleged the mobile money platform had “stolen” from them.
During the takeover, the hacker defaced the profile by changing the account name to a profanity-laced demand for their money and updating the profile picture to a pornographic image. For hours, the attacker posted explicit content and actively hurled insults at confused customers who tagged the account asking what was going on.
The hacker publicly mocked EcoCash’s attempts to recover the profile. In one post, they bragged that the IT team had tried changing the password five times and cleared the followers list, but still failed to lock the attacker out of the system. While the claim about the missing $35 could not be independently verified, complaints regarding missing funds are a regular occurrence on EcoCash’s social media support channels.
Rival company NetOne used the incident to take a jab at EcoCash via its OneMoney X account. Alongside a post reminding users not to use predictable PINs like birth dates, they joked, “We told them ‘1234’ isn’t a password… but they didn’t listen.”
Despite eventually regaining control of the compromised account and deleting the explicit posts, neither EcoCash nor its parent company, Econet, had issued a formal public statement nearly a day after the breach was resolved.
Comments