Cyber Incident Victim: Go First

On January 24, 2022, the official Twitter account of Indian low-cost airline Go First was compromised by unidentified hackers. The breach became evident through a series of unauthorized tweets posted Monday evening containing generic messages such as "Amazing" and "Great job," which alerted followers to suspicious activity. The attackers altered the account’s display name to a single period and removed its profile picture while leaving other elements—including the header image, bio, and external link—unchanged. A shortened URL, suspected to direct users to a phishing site, was also shared from the compromised account, prompting warnings from observers not to interact with the link. With over 200,000 followers at the time of the incident, the account remained under hacker control and unrecovered when initial reports were published.

Go First confirmed the compromise to International Business Times, stating its teams were investigating and collaborating with Twitter to restore access. A spokesperson emphasized the airline’s commitment to resolving the issue swiftly and maintaining secure communications for passengers, though no restoration timeline was provided. The incident echoed broader cybersecurity vulnerabilities in India’s aviation sector, notably referencing Air India’s May 2021 data breach affecting 450,000 customers and IndiGo’s internal document exposure around the same period. These precedents underscored recurring threats to airline digital infrastructure, though Go First’s breach appeared limited to social media disruption without evidence of data theft or operational system impacts. The airline did not disclose technical details of the attack vector or any additional mitigation steps beyond account recovery efforts.