SEC’s X account hacked: Unlike Mandiant, no MFA was in place

"The SEC has not approved the listing and trading of spot bitcoin exchange-traded products"

Updated January 10: OK, so that headline is now wrong. We apologise. And blame Mandiant. Read on...

The Securities and Exchange Commission (SEC) said its accredited account on X was “compromised” to spread fake news about Bitcoin.

The incident began January 9, when the SEC’s verified account shared that the regulator had approved spot-Bitcoin exchange-traded funds (ETFs) – a widely anticipated decision – sending Bitcoin prices briefly soaring.

SEC Chair Gary Gensler swiftly said on his personal account that the SEC’s post was inaccurate: “The @SECGov twitter account was compromised, and an unauthorized tweet was posted,” Gensler wrote on X. The markets watchdog appeared to regain control of the account shortly thereafter.

An X spokesperson told Bloomberg that “an unidentified individual” compromised the SEC’s account by acquiring an associated phone number and that the regulator hadn’t activated two-factor authentication.

“The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products” was the SEC’s only public statement.

The incident comes a week after cybersecurity and incident response company Mandiant – bought by Google for $5.4 billion in 2022 – also had its X account breached, despite saying it was protected with MFA.

UPDATED January 10: Mandiant admits MFA was not activated: "We have finished our investigation into last week's Mandiant X account takeover and determined it was likely a brute force password attack, limited to this single account. Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected. We've made changes to our process to ensure this doesn't happen again."

(In 2022 Twitter’s former security lead Peiter "Mudge" Zatko alleged that the company was unable to properly secure its porous production environment, that its server infrastructure lacked resilience, and that Twitter’s then-CEO undermined his attempts to fully disclose to the company’s board vulnerabilities that could potentially pose a national security risk.)
