SEC account hack amplifies concerns over security at Elon Musk’s X
SAN FRANCISCO – The US Securities and Exchange Commission (SEC) said its account on social network X was “compromised”, leading to a spike in the price of Bitcoin and raising fresh questions about X’s reliability as a source of information and the strength of its security practices.
The incident, one of the most consequential breaches in years on the platform formerly known as Twitter, began with a post on the SEC’s official verified account, which inaccurately shared that the regulator had approved spot-Bitcoin exchange-traded funds (ETFs) – a decision that had been anticipated for later this week. The price of Bitcoin quickly shot up more than 2.5 per cent as news of the post spread online and via media outlets, that were watching the SEC’s feed for such an announcement.
Within minutes, SEC chair Gary Gensler jumped in from his own X account to clarify that the SEC’s post was inaccurate, even while the message remained up on X for roughly 30 minutes. “The @SECGov Twitter account was compromised, and an unauthorised tweet was posted,” Mr Gensler wrote on X. Bitcoin’s price tumbled.
Mr Joe Benarroch, head of business operations at X, said in a statement: “The account is secure, and we are investigating the root cause.”
Still, the high-profile breach comes at a time when X and billionaire owner Elon Musk are seeking to win back trust from both users and advertisers, many of which have been dismayed by Mr Musk’s free-for-all style of leadership since his 2022 takeover. Mr Musk has pivoted away from some of the prior regime’s efforts to rein in offensive or harmful content, and has severely scaled back staff to save on costs. Those cuts have led to regular bugs and outages.
Mr Alex Stamos, chief trust officer at SentinelOne and former security chief at Meta Platforms, said: “This has to be the most sophisticated use of a stolen Twitter account ever. At a minimum, this indicates that the hollowed-out X team can’t keep up with advances in account takeover techniques.”
The social media service confirmed that “an unidentified individual” compromised the SEC’s account by acquiring an associated phone number. It added that the regulator had not…