The recent breach of the Securities and Exchange Commission's (SEC) account on X is a reminder of how often account takeovers happen. In the wake of this incident, cybersecurity expert Rachel Tobac offers advice for X users who want to harden their accounts against similar attacks.
The SEC’s account on X, formerly known as Twitter, was breached on Jan. 9, when hackers used it to falsely claim the approval of exchange-traded funds. While the SEC later confirmed the approval of 11 tradable spot bitcoin exchange-traded funds (ETFs), the repercussions were already felt, with Bitcoin prices plummeting by approximately 6% to nearly $44,000.
“I would say I did see this coming,” remarked Tobac, a renowned “friendly hacker.” “Unfortunately, there’s a lot of reasons why these types of attacks happen… We see account takeovers happen all the time, especially in the crypto space on Twitter.”
IT Brew caught up with Tobac, the co-founder and CEO of SocialProof Security in San Francisco, California, to delve into the hack and explore strategies for preventing account takeovers on X.
- Remove Phone Numbers from X and Other Valuable Accounts: Eliminating your phone number from X and other significant accounts can thwart SIM swapping, a technique used by malicious actors to hijack phone numbers. By contacting your telephone company and impersonating you, hackers can switch your number to their SIM card, gaining unauthorized access. “A lot of users don’t realize that when they went through the verification process, the phone number was then stored on their account,” Tobac explained. “Now Twitter has this kind of insecure way of allowing you to reset your password.”
- Enable Multi-Factor Authentication (MFA): While X’s policy shift on two-factor authentication (2FA) may have left text message-based 2FA users vulnerable, Tobac recommends activating app-based MFA instead. Despite the inconvenience, app-based MFA provides an additional layer of security against SIM swapping and other forms of cyber attacks. Tobac also advises users to extend MFA protection to third-party apps like Sprout Social and Hootsuite.
- Employ Strong, Unique Passwords: Tobac underscores the importance of using lengthy, random, and distinct passwords for X and associated accounts. Employing a password manager can facilitate the management of multiple complex passwords, reducing the risk of unauthorized access. “Using a long, random, and unique password will raise the bar for attackers and make it harder for them to get into your account,” Tobac emphasized.
By implementing these proactive measures, X users can bolster the security of their accounts and mitigate the threat of cyber intrusions. Taking steps to safeguard personal data is paramount in today’s digital landscape, where the risk of cyber attacks looms large.