SEC Twitter account hacked, apparently didn't have 2FA enabled

Twitter combats hate speech bans racism (Image credit: Shutterstock)

The US Security and Exchange Commission (SEC) has confirmed that its X account was compromised to send out unauthorized tweets. 

The agency is currently deliberating on whether to allow Bitcoin Exchange Traded Funds (ETFs), but a tweet from its official X account suggested that it had now approved them.

A spokesperson from the SEC clarified to CoinDesk that its "@SECGov X/Twitter account has been compromised," adding that, "the unauthorized tweet regarding Bitcoin ETFs was not made by the SEC or its staff."

No 2FA

In a further statement, the SEC also said it "will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct."

SEC Chair Gary Gensler also issued a statement on his own X account, confirming, "the SEC has not approved the listing and trading of spot bitcoin exchange-traded products."

Another spokesperson also told CoinDesk that decisions of this nature would not be announced via X, but rather on its official website and published in the Federal Register.

The safety team at X also tweeted explaining that there was no issue on its end; rather, an "unidentified individual" had managed to gain control of a phone number associated with the @SECGov account. 

It also added that the account had no two-factor authentication (2FA) in place at the time of the compromise, urging every user on its platform to "enable this extra layer of security." This usually involves receiving a code via text or an authenticator app on a device associated with the account in question, for the user to approve if a login attempt is made. 

It means that if hackers manage to obtain your username and password for one of your accounts, they will still not be able to gain access without the 2FA code to authenticate.

In response to the original fake tweet approving bitcoin ETFs, the cryptocurrency rose to $48,000, then swiftly dropped by 6% when the tweet was confirmed false. 

“This proves that accounts on X continue to be targeted and if an official account is compromised then serious consequences can follow. Cryptocurrency scams remain the focal point and with social pressure on X, they can still reap huge gains," Jake Moore, Global Cybersecurity Advisor at ESET told TechRadar Pro.

"Legitimate third party access compromise or targeted social engineering are still the most common ways to obtain access to an account which leaves the security onus very much on individuals. Therefore, even more significance should be directed at training staff and account owners especially when dealing with high profile accounts.”


Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 

His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.

He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.