Hacks of famous X accounts continue: enable two-factor authentication


Three famous accounts on X (formerly Twitter) were hacked in less than 10 days. Hackers took advantage of the removal of an option on the social network.

On January 10, 2024, the X account (formerly Twitter) of the American market regulator (the SEC) was hacked to spread crypto scams. The same day, CoinGecko, a cryptocurrency data aggregator, suffered the same fate. A week earlier, the X account of Mandiant, a cybersecurity group owned by Google, was hacked and misused to promote false ads.

Hacking accounts followed by thousands (or even millions) of people to turn them into crypto scam pages is a common method used by scammers. The creator of Ethereum was himself the victim of a hack last September. And if there have been so many hijackings lately, it’s because hackers are taking advantage of a lack of communication from X.

The US Securities and Exchange Commission’s fake crypto promotion announcement. // Source: Numerama

The social network bought by Elon Musk has made SMS-based two-factor authentication a paid feature for all users. Only subscribers with the certified blue badge can activate this option. However, it is still possible to add a second factor for free, for example with an authentication application.

Of course, Elon Musk and the media shared this information almost a year ago, but it is difficult to reach the platform's 400 million users. This is therefore a boon for hackers, who have brought back the old technique of brute force (a machine that tests billions of passwords in a few minutes) to take control of famous accounts. Cybersecurity company Mandiant openly admitted that it forgot to enable two-factor authentication after X’s policy change.

“Normally 2FA would have mitigated this issue, but due to some teams transitioning and a change in X's 2FA policy, we were not adequately protected.” // Source: X

How to enable two-factor authentication on X

Several US lawmakers demanded answers from the American market regulator, which passed the buck to X on the security concerns. The social network, for its part, stated that the “SEC” account had simply not activated two-factor authentication, and it invites all users to activate it.

Since you will not get concrete answers from You can choose two free options: use an authentication application (example: Google Authenticator) or use a security key.

Go to the X settings, “Privacy and security” section, then choose “Two-factor authentication”. // Source: Numerama
