SEC admits on Twitter X that security lapses led to account hack

The U.S. Securities and Exchange Commission has made a significant announcement regarding the security of its X account, affirming the implementation of 2-factor authentication to bolster its defenses.
Emphasizing its commitment to fortifying security measures, the SEC aims to prevent any potential cyber threats moving forward.
For those unfamiliar with the recent events, on January 8th, 2024, the SEC's Twitter account, now referred to as X, fell victim to a hacking incident orchestrated by malicious actors.
Exploiting the platform, these threat actors leveraged the account to promote exchange-traded funds using Bitcoin transactions.
The impact was immediate, with BTC prices skyrocketing from $39,000 to $48,000 per Bitcoin, only to plummet back to $38,000 in the following days.
Investigations into the breach revealed that Twitter's multi-factor authentication feature had been active until July 2023.
Technical glitches resulted in users experiencing difficulties with 2FA, prompting the federal organization to disable this security layer.
This lapse in security allowed the perpetrators to compromise the admin's phone number, clone the SIM card, and ultimately reset the account password.
With MFA disabled, the legitimate admin remained unaware of these unauthorized account manipulations.
Such incidents serve as a stark reminder to organizations that cybersecurity cannot be underestimated.
The repercussions can be severe, tarnishing an organization's reputation and integrity almost instantaneously.
Account takeovers facilitate criminal activities, including fraud and the dissemination of fake news, posing significant risks to society at large.
The ensuing political and economic turmoil underscores the critical importance of robust cybersecurity measures.


This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Thu, 15 Feb 2024 15:43:04 +0000

