Close Menu
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

What's On

The Backbone Pro Is A Decent Upgrade To Arguably The Best Mobile Controller

9 May 2025

LG’s best OLED TV of 2024 is on sale for $1,000 off today

9 May 2025

Here’s How to Claim Up to $100 in Apple’s Siri Settlement

9 May 2025
Facebook X (Twitter) Instagram
Just In
  • The Backbone Pro Is A Decent Upgrade To Arguably The Best Mobile Controller
  • LG’s best OLED TV of 2024 is on sale for $1,000 off today
  • Here’s How to Claim Up to $100 in Apple’s Siri Settlement
  • Ex-Bungie Developers Create TeamLFG, A New PlayStation Studio
  • The best video game remasters of all time
  • Trump’s Surgeon General Pick Is Tearing the MAHA Movement Apart
  • Samsung Galaxy S25 Edge Key Features, Accessories Leak Online Ahead of May 13 Launch
  • Mafia: The Old Country Gets New Gameplay Trailer, Developer Diary, And August Launch Date
Facebook X (Twitter) Instagram Pinterest Vimeo
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release
Subscribe
Best in TechnologyBest in Technology
Home » How to Stop Your X Account From Getting Hacked Like the SEC’s
News

How to Stop Your X Account From Getting Hacked Like the SEC’s

News RoomBy News Room12 January 20244 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email

This week, the United States Securities and Exchange Commission (SEC) suffered an embarrassing—and market-moving—breach in which a hacker gained access to its X social media account and published fake information about a highly anticipated SEC announcement related to bitcoin. The agency regained control of its account and deleted the post in under an hour, but the situation is troubling, especially given that the prominent and well-respected security firm Mandiant, which is owned by Google, had its X account compromised in a similar incident last week.

Details are still emerging about exactly what happened in each case, but there are common threads that made the account takeovers possible—and there are ways to protect yourself.

Crucially, both accounts had the digital protection known as “two-factor authentication” disabled at the time of the takeovers. Also known as 2FA, the defense requires a rotating numeric code or physical dongle in addition to a person’s login credentials, so everything isn’t resting on just a username and password. The SEC has not yet said whether it had two-factor turned off accidentally as a result of X’s February 2023 policy change, which made it so only accounts paying for a Blue subscription would have access to two-factor codes sent via text message. Mandiant implied on Wednesday that this change was the reason it did not have the protection turned on for its X account, saying, “Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected.”

Mandiant said hackers were able to guess the password protecting its X account in “a brute force” attack. X itself said on Tuesday that the SEC account hack was the result of “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”

The two incidents lay out a punch list of the most important steps you can take to lock down your X account. First, ensure that your account is protected by a strong, unique password. Second, turn on two-factor for your account or, if you think you already have it on, check to make sure. X’s move to make people pay for a basic form of two-factor is problematic. It also created confusion because the company prompted free users to switch away from SMS two-factor, but then seemingly simply turned off the protection altogether for those who didn’t. This likely left a group of users in a situation where they think they have two-factor authentication on, but actually don’t.

To confirm that you have two-factor on, or to enable it for the first time, log into your X account, go to Settings and privacy, then Security and account access, Security, and then Two-factor authentication. (You can also click here if you’re already logged into X). On that screen, you can choose between using two-factor authentication with a code-generating app or a physical security key. You can also generate backup codes for your account to log in to X even if you lose access to your second factor.

Finally, check that there isn’t a phone number linked to your X account that can be used for account recovery. Twitter uses phone numbers to “verify” high-profile accounts and also offers a feature called “Additional password protection,” through which “you must provide either the phone number or email address associated with your account in order to reset your password.” It seems, though, that by having a phone number associated with its X account, the SEC was putting itself at greater risk, because attackers could gain control of the account by first taking over the associated phone number using an attack known as a SIM swap.

“Remove your phone number from Twitter altogether to ensure you avoid the SIM-swap threat with Twitter’s risky text-message-based password reset flow,” says Rachel Tobac, a longtime account compromise researcher and CEO of SocialProof Security. She adds that X users should “turn on 2FA—I recommend app-based at the very least—and ensure you have a strong password on the account.”

Though X has made it more convoluted to enable strong account security, it’s worth learning from the SEC and Mandiant’s mistakes.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticlePrince Of Persia: The Lost Crown Review, 2024 Predictions | All Things Nintendo
Next Article What is Auracast? The Bluetooth broadcast standard fully explained

Related Articles

News

LG’s best OLED TV of 2024 is on sale for $1,000 off today

9 May 2025
News

Here’s How to Claim Up to $100 in Apple’s Siri Settlement

9 May 2025
News

The best video game remasters of all time

9 May 2025
News

Trump’s Surgeon General Pick Is Tearing the MAHA Movement Apart

9 May 2025
News

Activision is escalating its fight against cheaters in Call of Duty

9 May 2025
News

US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car

9 May 2025
Demo
Top Articles

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202493 Views

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 202482 Views

5 laptops to buy instead of the M4 MacBook Pro

17 November 202457 Views

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Latest News
News

Trump’s Surgeon General Pick Is Tearing the MAHA Movement Apart

News Room9 May 2025
Phones

Samsung Galaxy S25 Edge Key Features, Accessories Leak Online Ahead of May 13 Launch

News Room9 May 2025
Gaming

Mafia: The Old Country Gets New Gameplay Trailer, Developer Diary, And August Launch Date

News Room9 May 2025
Most Popular

The Spectacular Burnout of a Solar Panel Salesman

13 January 2025118 Views

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202493 Views

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 202482 Views
Our Picks

Ex-Bungie Developers Create TeamLFG, A New PlayStation Studio

9 May 2025

The best video game remasters of all time

9 May 2025

Trump’s Surgeon General Pick Is Tearing the MAHA Movement Apart

9 May 2025

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Facebook X (Twitter) Instagram Pinterest
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact Us
© 2025 Best in Technology. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.