US SEC's X account gets hacked, falsely posts about crypto, raising concern over fake news on platform

Following a major security breach, the US Securities and Exchange Commission (SEC) announced that its Twitter account on the social network X was “compromised,” resulting in a sudden spike in the price of Bitcoin.

This incident has reignited concerns about the reliability of X as a source of information and the efficacy of its security practices.

SEC Chair Gary Gensler intervened from his personal X account to clarify the misinformation, stating that the SEC’s Twitter account had been compromised. Despite Gensler’s clarification, the misleading post remained visible on X for approximately 30 minutes, during which Bitcoin’s price experienced a sharp decline.

The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.

— Gary Gensler (@GaryGensler) January 9, 2024

The breach unfolded when a post from the SEC’s official verified account on X inaccurately claimed that the regulator had approved spot-Bitcoin exchange-traded funds, a decision expected later in the week.

Elon Musk responded to the incident with humor, making light of the situation on X. When someone put up a rhetorical question asking people to guess SEC’s X password using wrong answers only, he responded saying:

LFGDogeToTheMoon!!

— Elon Musk (@elonmusk) January 9, 2024

The false information quickly spread online and through media outlets, causing Bitcoin’s price to surge by over 2.5 per cent.

A spokesperson for the SEC confirmed the “unauthorized access” to its X account by an unknown party for a brief period. Joe Benarroch, head of business operations at X, assured that the account is now secure, and an investigation into the root cause is underway.

This security incident comes at a crucial time for X and its owner, Elon Musk, who is working to regain trust from users and advertisers. Musk’s leadership style, marked by significant staff cuts and a departure from previous content moderation efforts, has raised concerns among stakeholders.

Alex Stamos, Chief Trust Officer at SentinelOne, described the breach as “the most sophisticated use of a stolen Twitter account ever,” highlighting potential challenges faced by X in keeping up with evolving security threats.

X confirmed that an unidentified individual compromised the SEC’s account by obtaining an associated phone number, revealing that the regulator had not activated two-factor authentication. All US government social media accounts are required to use multi-factor authentication, but experts noted that this does not eliminate all potential threats.

X has a history of security breaches predating Musk’s ownership, including the compromise of high-profile accounts. Despite previous security measures, incidents such as the deactivation of President Donald Trump’s account in 2017 and the hacking of CEO Jack Dorsey’s account in 2019 underscored the platform’s vulnerability.

The irony of the SEC’s inaccurate post was not lost on observers, considering the commission’s emphasis on internet security in its regulation of public companies. In July, the SEC adopted rules requiring firms to disclose how they identify and manage cybersecurity risks.

The breach could escalate tensions between the SEC and Musk, given their history of conflicts, including an ongoing investigation into Musk’s Twitter share purchases before he acquired X in 2022.

Regardless of the blame for this breach, the incident highlights the importance of robust security measures for high-profile social media accounts, particularly those associated with government entities and financial regulators.

(With inputs from agencies)