US lawmakers have demanded an investigation into the hack of the Securities and Exchange Commission's X account last week.
In a letter dated January 11, 2024, Senators Ron Wyden, who sits on the Senate Intelligence Committee, and Cynthia Lummis accused the federal agency of failing to secure its social media accounts using industry best practices.
Hackers compromised the SEC's X account on January 10 and posted a fake announcement regarding the approval of Bitcoin exchange-traded funds on securities exchanges, leading to Bitcoin prices briefly spiking.
X noted that the SEC's account did not have two-factor authentication enabled at the time the account was hacked.
This attack came amid a wave of crypto-related X account hijacks targeting prominent companies, including Mandiant, Hyundai and Certik.
The senators argued that the SEC should have used security keys to secure its social media accounts as well as 2FA, following recent guidance from the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency.
The option to enable security keys has been available for users of X since 2021.
This includes an independent evaluation in FY23 which determined that the SEC's information security program and practices were not effective.
Wyden and Lummis have given the SEC a deadline of February 12 to provide an update on its investigation and its cybersecurity remediations.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 15 Jan 2024 16:50:22 +0000