The breach of the U.S. Securities and Exchange Commission’s official account on X has ignited fresh worries about the social media platform’s security, especially since its acquisition by billionaire Elon Musk in 2022, a Reuters news report said.
On Tuesday, the hackers disseminated false information regarding an impending announcement from the SEC related to bitcoin, causing a surge in the cryptocurrency’s value and triggering widespread concern. The fabricated post from @SECGov claimed that the securities regulator had greenlit exchange-traded funds to hold bitcoin. The SEC removed the post approximately 30 minutes after its appearance.
X confirmed, following a preliminary probe, that the compromise of the SEC’s account occurred due to an unidentified individual seizing control of a phone number linked to the account through a third party.
Moreover, the social media platform revealed that the SEC hadn’t activated two-factor authentication at the time of the breach, which left the account more exposed.
Although X clarified that the compromise wasn’t the result of a breach of its own systems, security analysts deemed the incident deeply troubling.
Austin Berglas, a former cybersecurity official at the FBI’s New York office and now a senior executive at the security firm BlueVoyant, emphasized the potential for disinformation, stating, “Something like that, where you can take over the SEC account and potentially affect the value of bitcoin in the market – there’s massive opportunity for disinformation.”
X, previously known as Twitter, remains susceptible, like other social media platforms, to account hijacking through password theft or by deceiving individuals into revealing login credentials. Notably, in 2020, a teenager breached Twitter’s internal network, seizing control of numerous high-profile accounts, including those of former President Barack Obama and Musk, well before Musk’s acquisition of the platform.
A spokesperson for the SEC confirmed the “unauthorized access” to their account had been revoked and noted ongoing collaboration with law enforcement and government agencies in investigating the breach.
Prior to Musk’s acquisition and rebranding of Twitter to X, the platform had been plagued by persistent security issues. Incidents like the 2019 arrest of a Saudi agent accessing dissidents’ data and the subsequent mass hijacking in 2020 intensified concerns about Twitter’s internal safeguards.
Musk, since acquiring X in October 2022, has advocated for improved security. However, claims from former staff suggest a decline in security measures post-acquisition, with allegations of budget cuts and scrapping of vulnerability programs. A lawsuit filed by a former IT security chief, Alan Rosa, alleged that he was terminated after raising objections to these measures.
The changes in security practices following Musk’s acquisition, including limitations on non-paying users’ two-factor authentication and the restructuring of security-focused teams, have raised doubts about the platform’s security protocols. Analysts have highlighted the potential use of leaked passwords for account breaches in cases where robust security measures are absent.