SEC X Account Hack Draws Senate Outrage

Published: 23/11/2024   Category: security


Senators from both parties called the Securities and Exchange Commission's lack of MFA inexcusable and demanded an investigation into the regulator's cybersecurity lapse.



Following the Jan. 9 compromise of the Securities and Exchange Commission's account on X, formerly known as Twitter, two senators have issued a statement calling the hack inexcusable and urging the Inspector General of the US Securities and Exchange Commission (SEC) to investigate the regulator's failure to have basic multifactor authentication (MFA) protections in place.
"Additionally, a hack resulting in the publication of material information for investors could have significant impacts on the stability of the financial system and trust in public markets, including potential market manipulation," Senators Ron Wyden, D-Ore., and Cynthia Lummis, R-Wyo., said in a statement. "We urge you to investigate the agency's practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed."
Since March 2020, Twitter's policy changed to only offer text-based two-factor authentication to premium subscribers. Other organizations, including Google's cybersecurity team Mandiant as well as car company Hyundai, have fallen prey to crypto hackers well aware of Twitter's new policy.
Sen. Wyden's office tells Dark Reading the specific concern is why the SEC didn't implement an alternative MFA process, like a third-party authentication app or security key, once the X policy changed in March 2023.
In the instance of the SEC X account breach, a phone number associated with the account was compromised by the crypto hackers and used to put out miscommunications to manipulate the bitcoin market.
"Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity," the letter to the SEC Inspector General said, adding the agency was warned in 2023 about its poor cybersecurity.
The letter added a shot at the regulator's increasingly rigorous oversight of enterprise cybersecurity.
"The SEC's failure to follow cybersecurity best practices is inexcusable, particularly given the agency's new requirements for cybersecurity disclosure," the senators wrote.
