Date: Jul 2020

Location: United Kingdom

Summary

The European Bank for Reconstruction and Development experienced a compromise of its primary and secondary Twitter accounts, where an unauthorized party posted atypical messages and engaged in a public struggle for control. The hacker tagged media personnel, shared conflicting posts about account lockdowns, and continued activity even after the institution issued an apology, causing confusion among followers due to overlapping legitimate and malicious communications. Control was eventually restored, with the incident exhibiting characteristics of disruptive intent rather than severe malicious objectives, though it highlighted risks of disinformation propagation through compromised platforms. Poor grammar in unauthorized posts aided identification during the breach.


Description

On July 29, 2020, the European Bank for Reconstruction and Development (EBRD) experienced a Twitter account compromise affecting both its primary @EBRD account and its subsidiary @EBRDgreen account. An unauthorized actor gained control and posted atypical content inconsistent with the institution’s communications, including messages directly tagging BBC home affairs correspondent Daniel Sandford to attract media attention. The breach evolved into a visible struggle between the bank and the attacker, with conflicting tweets creating confusion among followers. One tweet from the compromised @EBRD account requested Twitter to lock the account to halt the intrusion, but a subsequent post claimed this lockdown appeal itself originated from the hacker. Linguistic errors in spelling and grammar within certain tweets helped distinguish unauthorized posts from legitimate communications.

The intrusion persisted even after EBRD issued an apology via its compromised account, indicating ongoing access by the threat actor during initial recovery efforts. The bank ultimately regained full control of both accounts, terminating the unauthorized activity. While the attacker’s messages suggested opportunistic mischief rather than overtly malicious objectives like financial theft or data exfiltration, the incident exposed operational vulnerabilities in the bank’s social media management. The public nature of the compromise risked reputational damage through the dissemination of incongruous content to institutional followers and heightened awareness of the platform’s potential for spreading disinformation via hijacked accounts. No secondary impacts such as data breaches or financial losses were disclosed in available reporting.
