The recent SEC account hack on X has raised fresh concerns regarding the security of the social media platform. These concerns have been amplified since its acquisition by billionaire Elon Musk in 2022.
With the SEC account hacked, the perpetrators spread a fake news about an announcement from the SEC regarding bitcoin, causing a significant surge in the cryptocurrency’s price and causing alarm among onlookers. SEC promptly removed the post approximately 30 minutes after its appearance.
How Was SEC X Account Hacked?
SEC Account Hack Exploited Phone Number Linked to SEC’s X Account
Later on Tuesday, X confirmed, after conducting a preliminary investigation, that the SEC’s account was compromised due to an unknown individual gaining control over a phone number linked to the account through a third party.
In a statement, X acknowledged that the SEC did not have two-factor authentication (2FA) enabled at the time of the breach. The social media platform emphasized that the compromise was not a result of any breach within its own systems.
Despite X’s assurance, security analysts expressed concern over the incident, considering it troubling in nature.
“Something like that, where you can take over the SEC account and potentially affect the value of bitcoin in the market – there’s massive opportunity for disinformation,” commented Austin Berglas, a former cybersecurity official at the FBI’s New York office and a senior executive at BlueVoyant.
SEC Account Hack Reveals Flaws in the X Platform’s Security
The sec twitter hack is not surprising. On X, previously known as Twitter, the hijacking of accounts can occur through various means, such as password theft or deceiving individuals into revealing their login credentials.
Similar to other social media platforms, X’s security can also be breached, as demonstrated in 2020 when a teenager orchestrated a breach of Twitter’s internal computer network and gained control over numerous prominent accounts, including those belonging to former President Barack Obama and Elon Musk, prior to his acquisition of Twitter.
In response to the SEC X account breach by an unidentified party, an SEC spokesperson confirmed that access had been revoked. The agency is actively collaborating with law enforcement and other government entities to investigate the hack into SEC’s X account.
The S.E.C. Social Media Hack Has Added to X’s Security Problems
Even prior to its acquisition by Musk and rebranding as X, Twitter had been plagued by persistent security issues.
In 2019, the arrest of a Saudi agent who had clandestinely accessed the site’s backend to gather personal information about dissidents in the kingdom raised concerns regarding Twitter’s internal safeguards.
The subsequent mass hijacking of prominent accounts by the Florida teenager further exacerbated these concerns, leading the New York State Department of Financial Services to reprimand the company for succumbing to what it deemed a “basic” hack.
In 2022, before its acquisition by Musk, Twitter’s former security chief, Peiter Zatko, publicly criticized the company, accusing it of numerous security shortcomings that he believed posed a risk to national security.
Since his acquisition of Twitter in October 2022, Musk has emphasized the company’s security measures. However, according to former employees, the security situation has actually deteriorated since then.
Allegations made in a lawsuit filed by Alan Rosa, former IT security chief at X, claim that Musk ordered a 50% reduction in X’s physical security budget after acquiring the social media platform. Furthermore, he sought to eliminate programs that were dedicated to identifying and addressing digital vulnerabilities. Rosa asserts that he was terminated when he voiced his objections to these actions.
An anonymous former Twitter executive disclosed that, before Musk’s ownership, the protection of prominent accounts, including those of government officials, was a top priority. This effort involved implementing alerts for suspected hacks and deploying swift response measures. However, the team responsible for this initiative, which also worked on election integrity, experienced layoffs last year.
In early 2021, X made a change that restricted non-paying users from utilizing two-factor authentication, an important security measure. X’s official website claims that the company takes proactive steps to safeguard the accounts of government officials and political candidates, recognizing their potential vulnerability during certain civic processes.
By not having robust security measures in place, hackers could exploit various methods to gain control of an account. This includes utilizing previously leaked passwords or employing techniques like SIM swapping, where they gain access to a phone number associated with the account.
“Anytime you’re reducing a security function in a platform that does what X does, it is incredibly concerning,”
With the SEC’s X Account Hacked, two factor authentication, and deploying strict cybersecurity measures becomes even more important. Read our detailed guide on Cybersecurity Risk Assessment and correct your cybersecurity posture to strengthen your defenses.