Cybersecurity Concerns Surge Following Hack of U.S. SEC's Official Twitter Account on X
In a significant breach of cybersecurity, the official Twitter account of the U.S. Securities and Exchange Commission (SEC) on X was hacked on Tuesday, reigniting concerns about the social media platform's security since its acquisition by billionaire Elon Musk in 2022.
The hackers exploited the compromised account to disseminate false information about an anticipated SEC announcement related to Bitcoin, causing a spike in the cryptocurrency's price and raising alarms among market observers.
The fraudulent post on @SECGov falsely claimed that the securities regulator had approved exchange-traded funds to hold Bitcoin. The SEC promptly removed the post approximately 30 minutes after its appearance.
Following a preliminary investigation, X confirmed that the SEC's account was compromised because an unidentified individual gained control over a phone number associated with the account through a third party. Additionally, the social media platform revealed that the SEC did not have two-factor authentication enabled at the time of the breach.
While X asserted that the compromise did not result from a breach of its systems, security analysts expressed disquiet about the incident. Austin Berglas, a former cybersecurity official at the FBI's New York office, emphasized the potential for misinformation to impact the value of Bitcoin, stating, "there's a massive opportunity for disinformation."
X, formerly known as Twitter, has a history of security issues, even before Elon Musk's acquisition. The platform's security vulnerabilities were highlighted in 2020 when a teenager orchestrated a high-profile hack of Twitter's internal computer network, gaining control of accounts, including those of Barack Obama and Elon Musk.
SEC spokespersons confirmed the "unauthorized access" to its account and stated that the agency is collaborating with law enforcement and government entities to investigate the breach.
Concerns about Twitter's security precede Musk's ownership, with incidents like the 2019 arrest of a Saudi agent who accessed personal information about dissidents raising questions about internal safeguards. Musk, who acquired Twitter in October 2022, has asserted the platform's security, but former staff members claim a decline since his takeover.
Allegations from a lawsuit filed by Alan Rosa, X's former IT security chief, suggest that Musk ordered a 50% cut in the platform's physical security budget and sought to eliminate programs addressing digital vulnerabilities. The suit claims Rosa was terminated for objecting to these measures.
Notably, X limited the ability of non-paying users to implement two-factor authentication early last year, raising concerns about the overall security posture. The former Twitter executive disclosed that measures to protect prominent accounts, including those of government officials, faced cutbacks, exacerbating anxieties about the platform's security.
As the investigation into the SEC account hack unfolds, questions loom about the broader implications for Twitter's security landscape and the effectiveness of measures implemented since Elon Musk's acquisition in 2022.
