X blames SEC for account hack as commission opens investigation


The social media site did not respond to requests for comment but issued a statement Wednesday, refuting claims that it was responsible for the compromise of the SEC account.

“We can confirm that the @SECGov account was compromised and we have conducted a preliminary investigation. Based on our investigation, the compromise was not due to a breach of X’s systems, but rather to the fact that an unidentified individual obtained control of a phone number associated with the @SECGov account through a third party,” said the site’s security team.

“We can also confirm that two-factor authentication was not enabled on the account at the time the account was compromised. We encourage all users to enable this additional layer of security.”

The comments follow widespread concern late Tuesday when the SEC’s account tweeted a message claiming the commission had approved the listing of Bitcoin exchange-traded funds (ETFs) on national securities exchanges, a favorite topic among cryptocurrency enthusiasts.

The tweet was sent around 4 p.m. ET and deleted within an hour. The SEC and Chairman Gary Gensler said the post was inaccurate and was posted after the account was compromised.

In a statement to Recorded Future News, the SEC said it “determined that there was unauthorized access and activity on the @SECGov x.com account by an unknown party for a brief period shortly after 4 p.m. ET.”

“This unauthorized access has ended,” they said. “The SEC will work with law enforcement and our government partners to investigate the matter and determine appropriate next steps regarding both the unauthorized access and any related misconduct.”

Google-owned cybersecurity company Mandiant, the deputy leader of the U.K. Green Party and a Canadian senator all had their accounts hacked last week.

These incidents represent the convergence of several issues facing the social media site. Since the platform was purchased by Tesla CEO Elon Musk, it has been overrun with cryptocurrency scams. Several security researchers also said they have difficulty contacting the social networking site when cybersecurity issues are discovered.

Last month, two researchers discovered Twitter vulnerabilities that were not addressed for weeks by the social media site’s team.

Chaofan Shou, a doctoral student at the University of California, Berkeley, told Recorded Future News that the company never responded to his email about the matter.

Cybersecurity expert Rachel Tobac noted that one recent issue she discovered is that accounts must add a phone number to be verified.

“It is possible to remove it once the verification process is complete, but if you don’t, you risk SIM swap account takeover via the phone number password reset flow (especially if you don’t have MFA enabled),” she said.

SIM swappers seek to trick cell phone carriers into porting a victim’s phone number to a new device.

“Many prestigious accounts do not realize this risk is possible after requesting ‘verification’ under the new payment for verification system,” Tobac added.

Jonathan Greig

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.