The SEC did not follow best security practices in run up X account hack, and US lawmakers are not happy

Everyone has two-factor authentication, right?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Following on from the Securities and Exchange Commission (SEC) X (formerly Twitter) hack, US lawmakers are pushing for the SEC to review its cybersecurity practices after it was discovered there wasno multi-factor authentication activeat the time of the hack.

The hack resulted in a single tweet being released from the compromised account, stating that the SEC had approved exchange traded funds (ETF) for Bitcoin.

The tweet resulted in a jump in the price of Bitcoin up to $48,000 before dropping by 6% the tweet was confirmed as fake.

“Failure to follow cybersecurity best practices”

US lawmakers are now demanding an investigation into the incident, stating this breach could be a sign of other security weaknesses within the SEC that could lead to far more damaging breaches.

The bipartisan letter, written by Democratic senator Ron Wyden and Republican senator Cynthia Lummis, requests the review as a result of the SEC’s failure to implement two-factor authentication on the account at the time of the hack. The account was compromised due to an individual acquiring a phone number related to the account, and as a result was able to log in to the agency’s account.

The letter urged the SEC, “to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed.”

Multi-factor authentication (MFA) has become a standard of online account security, with MFA providing an additional layer of security through the requirement of a one-time passcode, digital token, or biometric authentication in order to access an account.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaReuters

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Adobe’s decision to eliminate perpetual licensing for its Elements software has stirred controversy among consumers

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats

GoPro Max 2 hit by further delays – 2025 is the earliest we’ll see the 360-degree action cam