Close Menu
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

What's On

Vivobarefoot’s Sensus Shoes Are Like Gloves for Your Feet

1 August 2025

Amazon Great Freedom Festival Sale 2025: Best Deals on Power Banks From Xiaomi, Ambrane, and More

1 August 2025

Primal Planet Is Where Caveman Meets Metroidvania | New Gameplay Today

1 August 2025
Facebook X (Twitter) Instagram
Just In
  • Vivobarefoot’s Sensus Shoes Are Like Gloves for Your Feet
  • Amazon Great Freedom Festival Sale 2025: Best Deals on Power Banks From Xiaomi, Ambrane, and More
  • Primal Planet Is Where Caveman Meets Metroidvania | New Gameplay Today
  • WIRED Roundup: ChatGPT Goes Full Demon Mode
  • Vivo V60 5G Bags NBTC Certification Ahead of August 12 India Launch
  • MK Trilogy Confirmed For Mortal Kombat: Legacy Kollection, Physical Editions Announced
  • Itch.io Is Restoring NSFW Games—as Long as They’re Free
  • Apple Revenue Forecast Beats Estimates, Tariff Costs Projected at $1.1 Billion
Facebook X (Twitter) Instagram Pinterest Vimeo
Best in TechnologyBest in Technology
  • News
  • Phones
  • Laptops
  • Gadgets
  • Gaming
  • AI
  • Tips
  • More
    • Web Stories
    • Global
    • Press Release
Subscribe
Best in TechnologyBest in Technology
Home » How to Stop Your X Account From Getting Hacked Like the SEC’s
News

How to Stop Your X Account From Getting Hacked Like the SEC’s

News RoomBy News Room12 January 20244 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email

This week, the United States Securities and Exchange Commission (SEC) suffered an embarrassing—and market-moving—breach in which a hacker gained access to its X social media account and published fake information about a highly anticipated SEC announcement related to bitcoin. The agency regained control of its account and deleted the post in under an hour, but the situation is troubling, especially given that the prominent and well-respected security firm Mandiant, which is owned by Google, had its X account compromised in a similar incident last week.

Details are still emerging about exactly what happened in each case, but there are common threads that made the account takeovers possible—and there are ways to protect yourself.

Crucially, both accounts had the digital protection known as “two-factor authentication” disabled at the time of the takeovers. Also known as 2FA, the defense requires a rotating numeric code or physical dongle in addition to a person’s login credentials, so everything isn’t resting on just a username and password. The SEC has not yet said whether it had two-factor turned off accidentally as a result of X’s February 2023 policy change, which made it so only accounts paying for a Blue subscription would have access to two-factor codes sent via text message. Mandiant implied on Wednesday that this change was the reason it did not have the protection turned on for its X account, saying, “Normally, 2FA would have mitigated this, but due to some team transitions and a change in X’s 2FA policy, we were not adequately protected.”

Mandiant said hackers were able to guess the password protecting its X account in “a brute force” attack. X itself said on Tuesday that the SEC account hack was the result of “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”

The two incidents lay out a punch list of the most important steps you can take to lock down your X account. First, ensure that your account is protected by a strong, unique password. Second, turn on two-factor for your account or, if you think you already have it on, check to make sure. X’s move to make people pay for a basic form of two-factor is problematic. It also created confusion because the company prompted free users to switch away from SMS two-factor, but then seemingly simply turned off the protection altogether for those who didn’t. This likely left a group of users in a situation where they think they have two-factor authentication on, but actually don’t.

To confirm that you have two-factor on, or to enable it for the first time, log into your X account, go to Settings and privacy, then Security and account access, Security, and then Two-factor authentication. (You can also click here if you’re already logged into X). On that screen, you can choose between using two-factor authentication with a code-generating app or a physical security key. You can also generate backup codes for your account to log in to X even if you lose access to your second factor.

Finally, check that there isn’t a phone number linked to your X account that can be used for account recovery. Twitter uses phone numbers to “verify” high-profile accounts and also offers a feature called “Additional password protection,” through which “you must provide either the phone number or email address associated with your account in order to reset your password.” It seems, though, that by having a phone number associated with its X account, the SEC was putting itself at greater risk, because attackers could gain control of the account by first taking over the associated phone number using an attack known as a SIM swap.

“Remove your phone number from Twitter altogether to ensure you avoid the SIM-swap threat with Twitter’s risky text-message-based password reset flow,” says Rachel Tobac, a longtime account compromise researcher and CEO of SocialProof Security. She adds that X users should “turn on 2FA—I recommend app-based at the very least—and ensure you have a strong password on the account.”

Though X has made it more convoluted to enable strong account security, it’s worth learning from the SEC and Mandiant’s mistakes.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticlePrince Of Persia: The Lost Crown Review, 2024 Predictions | All Things Nintendo
Next Article What is Auracast? The Bluetooth broadcast standard fully explained

Related Articles

News

Vivobarefoot’s Sensus Shoes Are Like Gloves for Your Feet

1 August 2025
News

WIRED Roundup: ChatGPT Goes Full Demon Mode

1 August 2025
News

Itch.io Is Restoring NSFW Games—as Long as They’re Free

1 August 2025
News

Inside Jeffrey Epstein’s Forgotten AI Summit

1 August 2025
News

The First Widespread Cure for HIV Could Be in Children

1 August 2025
News

The Best Laptops for College Students

1 August 2025
Demo
Top Articles

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 2024103 Views

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202495 Views

Oppo Reno 14, Reno 14 Pro India Launch Timeline and Colourways Leaked

27 May 202582 Views

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Latest News
Gaming

MK Trilogy Confirmed For Mortal Kombat: Legacy Kollection, Physical Editions Announced

News Room1 August 2025
News

Itch.io Is Restoring NSFW Games—as Long as They’re Free

News Room1 August 2025
Phones

Apple Revenue Forecast Beats Estimates, Tariff Costs Projected at $1.1 Billion

News Room1 August 2025
Most Popular

The Spectacular Burnout of a Solar Panel Salesman

13 January 2025126 Views

ChatGPT o1 vs. o1-mini vs. 4o: Which should you use?

15 December 2024103 Views

Costco partners with Electric Era to bring back EV charging in the U.S.

28 October 202495 Views
Our Picks

WIRED Roundup: ChatGPT Goes Full Demon Mode

1 August 2025

Vivo V60 5G Bags NBTC Certification Ahead of August 12 India Launch

1 August 2025

MK Trilogy Confirmed For Mortal Kombat: Legacy Kollection, Physical Editions Announced

1 August 2025

Subscribe to Updates

Get the latest tech news and updates directly to your inbox.

Facebook X (Twitter) Instagram Pinterest
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact Us
© 2025 Best in Technology. All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.