SEC admits on Twitter X that security lapses led to account hack

The U.S. Securities and Exchange Commission (SEC) has made a significant announcement regarding the security of its X account, affirming the implementation of 2-factor authentication to bolster its defenses. Emphasizing its commitment to fortifying security measures, the SEC aims to prevent any potential cyber threats moving forward.

For those unfamiliar with the recent events, on January 8th, 2024, the SEC’s Twitter account, now referred to as X, fell victim to a hacking incident orchestrated by malicious actors. Exploiting the platform, these threat actors leveraged the account to promote exchange traded funds (ETFs) using Bitcoin transactions. The impact was immediate, with BTC prices skyrocketing from $39,000 to $48,000 per Bitcoin, only to plummet back to $38,000 in the following days.

Investigations into the breach revealed that Twitter’s multi-factor authentication (MFA) feature had been active until July 2023. However, technical glitches resulted in users experiencing difficulties with 2FAs, prompting the federal organization to disable this security layer.

This lapse in security allowed the perpetrators to compromise the admin’s phone number, clone the SIM card, and ultimately reset the account password. With MFA disabled, the legitimate admin remained unaware of these unauthorized account manipulations.

Such incidents serve as a stark reminder to organizations that cybersecurity cannot be underestimated. The repercussions can be severe, tarnishing an organization’s reputation and integrity almost instantaneously.

Furthermore, account takeovers facilitate criminal activities, including fraud and the dissemination of fake news, posing significant risks to society at large. The ensuing political and economic turmoil underscores the critical importance of robust cybersecurity measures.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display