SEC disabled 2FA on X months before unauthorized ETF post

The SEC has since published a post-mortem in which it admitted agency staff disabled multi-factor authentication in July after encountering trouble accessing the account. A bad actor also obtained control over a phone number linked to the account, an attack known as SIM swapping.

https://www.sec.gov/secgov-x-account

Complacency is a threat to security. It's all too common for someone to disable a necessary control and forget to re-enable it later. Wired has a good guide on how to enable 2FA on X if you haven't before.

How to Stop Your X Account From Getting Hacked Like the SEC’s

The US Securities and Exchange Commission and security firm Mandiant both had their X accounts breached, possibly due to changes to X’s two-factor authentication settings. Here’s how to fix yours.

https://www.wired.com/story/sec-mandiant-x-two-factor-settings/