The recent hack of the U.S. Securities and Exchange Commission’s (SEC) Twitter account has highlighted the perils of overlooking fundamental cybersecurity practices, such as two-factor authentication (2FA). This breach, which led to a false announcement about the approval of Bitcoin ETFs, underscores the vulnerability of high-profile social media accounts to cyberattacks, particularly when basic security measures are not in place.
The hacker gained control of the phone number associated with the SEC’s Twitter account through a third-party telecommunications provider. This allowed them to bypass security measures and reset the account’s password. Significantly, the SEC’s Twitter account did not have two-factor authentication enabled at the time of the incident, a basic security measure that might have prevented the unauthorized access.
The false tweet, which was live for about 30 minutes, caused a temporary yet significant spike in the price of Bitcoin, demonstrating the substantial impact that such security lapses can have on financial markets. The incident led to widespread confusion and misinformation, as various news outlets and online personalities reported that Bitcoin ETFs had been approved.
SEC Chair Gary Gensler promptly addressed the issue, confirming via Twitter that the SEC had not approved the listing and trading of spot bitcoin exchange-traded products, and that the account was indeed compromised. The security lapse at the SEC has drawn scrutiny and criticism from U.S. Senators J.D. Vance and Thom Tillis, who have demanded an explanation from Gensler regarding the Commission’s cybersecurity protocols.
Elon Musk, owner of X (formerly Twitter) and CEO of Tesla, commented on the breach, refuting claims that it resulted from a failure in X’s internal systems. The incident serves as a stark reminder of the continuous challenges social media platforms face in safeguarding the integrity of accounts, especially those belonging to key government entities and financial regulators.