Cyber Incident Victim: Honda Motorcycle and Scooter India
Date:
Mar 2023
Location:
India
Summary
The official Twitter account of Honda Motorcycle and Scooter India was compromised by attackers who renamed the account and altered its profile information to impersonate an individual associated with cryptocurrency and technology firms. The handle was changed to "@AndrewChol5" with a bio claiming affiliations to entities including Coinbase, Microsoft, and Snapchat, while the account's original content included an advertisement for a promotional campaign featuring an actor. The company had not released an official statement at the time of reporting, though they acknowledged awareness of the issue when contacted. The compromise disrupted their social media presence but did not evidence broader compromise of internal systems or data exfiltration.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 1, 2023, Honda Motorcycle and Scooter India (HMSI), a leading two-wheeler manufacturer in India, experienced a compromise of its official Twitter account. The attack involved unauthorized changes to the account’s identity, including renaming it to "Andrew | SuperNormal (🍯)" and altering the handle to @AndrewChol5. The account’s description was modified to falsely list affiliations with multiple technology companies, including claims of being "CEO @SuperNormal," "Tech Lead @Coinbase," "Developer @Microsoft @LinkedIn @Snapchat @IBM," "Advisor @YogaPetz @OlivexAI," "VIP @MocaverseNFT," and "Rank #1 @UWaterloo Eng." This takeover disrupted HMSI's official communications channel, as the account no longer reflected legitimate company information. The last confirmed legitimate tweet prior to the breach was an advertising teaser for "Honda Ki Sau" (Honda’s 100th vehicle campaign), featuring Bollywood actor Jimmy Shergill and instructing followers to contact HMSI via a missed call number or website for details. HMSI’s team had not issued any public statements acknowledging the breach at the time of initial reporting, though representatives confirmed awareness of the incident when contacted by media and indicated an official response was forthcoming.
The incident underscored vulnerabilities in corporate social media security, particularly for high-profile automotive brands on Twitter. HMSI’s compromised account remained under attacker control with no visible restoration efforts reported in the immediate aftermath, leaving the company unable to disseminate authentic updates through this platform. The breach occurred amid broader concerns about cybersecurity risks for automotive industry accounts following recent high-profile Twitter compromises. While the exact method of intrusion remained undisclosed, the visible impact was limited to the account’s rebranding rather than fraudulent tweets or direct financial scams targeting followers. HMSI’s communications team was actively working to regain account access, though restoration timelines and remediation steps were not publicly confirmed. The company faced potential reputational and operational impacts from the loss of control over a verified channel used for customer engagement and marketing initiatives like the "Honda Sau" campaign. Industry observers noted the incident highlighted ongoing challenges in securing organizational social media assets against credential compromise or third-party platform weaknesses.