Business
X blames poor SEC security for account hack on January 10, 2024 at 3:57 pm Business News | The Hill
X, the platform formerly known as Twitter, said Wednesday the hack into the account for the Securities and Exchange Commission (SEC) wasn’t due to a breach of the social media company’s systems.
In a post Wednesday from X’s safety team account, the company blamed the SEC’s security for the hack that led to a false post being published Tuesday, which appeared to announce the approval of several bitcoin investment funds.
X said that based on a “preliminary investigation,” the compromise was “not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number” associated with the SEC’s account through a third party.
X also said the SEC’s account did not have two-factor authentication enabled at the time it was compromised.
Two-factor authentication is a common security feature used by websites to protect against unauthorized account access. It typically involves a user approving a login with a code or message sent to a phone number or email account.
Two-factor authentication was readily available on Twitter before Elon Musk’s takeover of the website in October 2022. But Musk limited two-factor authentication in March only to users who pay for a premium X subscription.
The SEC’s account was verified as belonging to a government agency, but it is unclear whether the agency had access to two-factor authentication.
Despite those restrictions, X on Wednesday encouraged “all users to enable this extra layer of security.”
A spokesperson for the SEC did not immediately respond to a request for comment.
The Hill also reached out to an X spokesperson for comment regarding the nature of the preliminary investigation, as well as whether the SEC account was eligible for two-factor authentication given its status as a verified government account.
The incorrect post on Tuesday was removed roughly 30 minutes after it was posted. The account followed up with a post that stated the account was compromised and the agency had not approved the update.
The false post was published as the SEC has been expected to announce the approval of bitcoin exchange-traded funds by Wednesday to comply with a federal court ruling.
Technology, Business X, the platform formerly known as Twitter, said Wednesday the hack into the account for the Securities and Exchange Commission (SEC) wasn’t due to a breach of the social media company’s systems. In a post Wednesday from X’s safety team account, the company blamed the SEC’s security for the hack that led to a false post…