January 12, 2024 at 05:43PM
Following the compromise of the SEC’s X (formerly Twitter) account, Senators Wyden and Lummis have criticized the SEC for its failure to implement basic multifactor authentication (MFA) protections. They have urged the Inspector General to investigate this cybersecurity lapse, emphasizing the potential impact on market stability and trust. The SEC’s failure to adopt MFA and security keys is deemed “inexcusable.”
The meeting notes highlight the concerns raised by Senators Ron Wyden and Cynthia Lummis regarding the Securities and Exchange Commission’s (SEC) cybersecurity practices in the wake of the compromise of the SEC’s X account. The Senators referred to the hack as “inexcusable” and called for an investigation into the SEC’s failure to implement basic multifactor authentication (MFA) protections. They emphasized the potential impacts on the financial system and public trust in markets, urging the SEC to examine its practices related to MFA, including phishing-resistant options.
The notes also mention Twitter’s policy change to offer text-based two-factor authentication only to premium subscribers since March 2020. Other organizations, such as Google’s cybersecurity team Mandiant and car company Hyundai, have also been targeted by crypto hackers who were aware of Twitter’s new policy. Senator Wyden’s office specifically questioned why the SEC did not implement an alternative MFA process, such as a third-party authentication app or security key, after Twitter’s policy change.
The breach of the SEC’s X account involved the compromise of a phone number associated with the account, which was exploited by the hackers to manipulate the bitcoin market. The Senators highlighted that the SEC should have utilized phishing-resistant hardware tokens, such as security keys, and criticized the agency for not following cybersecurity best practices despite its stringent oversight of enterprise cybersecurity.
Overall, the meeting notes reflect the Senators’ strong condemnation of the SEC’s cybersecurity lapses and their call for thorough investigation and improved MFA measures within the agency.