Posted by Alumni from Wired
January 13, 2024
This week, the United States Securities and Exchange Commission (SEC) suffered an embarrassing (and market-moving) breach in which a hacker gained access to its X social media account and published fake information about a highly anticipated SEC announcement related to bitcoin. The agency regained control of its account and deleted the post in under an hour, but the situation is troubling, especially given that the prominent and well-respected security firm Mandiant, which is owned by Google, had its X account compromised in a similar incident last week. Crucially, both accounts had the digital protection known as "two-factor authentication" disabled at the time of the takeovers. Also known as 2FA, the defense requires a rotating numeric code or physical dongle in addition to a person's login credentials, so everything isn't resting on just a username and password. The SEC has not yet said whether it had two-factor turned off accidentally as a result of X's February 2023 policy...