The recent high-profile hacks of accounts on X, formerly Twitter, highlight the security of the social media platform — and serve as a reminder that every user should take the necessary steps to protect their own accounts.
The SEC and even cybersecurity company Mandiant recently saw their X accounts hacked. On Tuesday, the SEC's account posted a fake tweet about the long-awaited approval of bitcoin exchange-traded funds, creating confusion and embarrassment for the agency. Earlier this month, Mandiant, a subsidiary of Google Inc., had its account hacked as part of a cryptocurrency scam.
What do these two security breaches have in common? Neither account had two-factor authentication enabled.
Two-factor authentication, also known as 2FA, is an essential security measure, cybersecurity experts told MarketWatch. Two-factor authentication is a way for a user to verify their identity before accessing an application. Users type a one-time code that is sent to them via text message or a separate app, or verify with a physical security key.
This is just one step X users can take to protect their own accounts. Here are some other things cybersecurity experts recommend.
For starters, always use strong passwords, and don't reuse passwords across multiple sites. You should also allow your phone to show pop-up notifications about logins from a device or location different from your usual one.
Additionally, one of the most important steps you can take is not to skip system updates on your phone, said Dominic Sellitto, an assistant professor of management science and systems at the University of Buffalo. These updates often feature security improvements, but many people click “Remind me later” when asked to update their phone.
Sellitto admitted he's been guilty of doing this sometimes, but added that failing to update could result in a security vulnerability that allows scammers to access your accounts.
“They depend on us and we get tired of watching phone replays,” he said.
One additional step people can take to protect themselves on X and other platforms is to set up a dedicated email address for use on the platform and not use it for anything else, said Theresa Payton, CEO of cybersecurity consulting firm Fortalice Solutions and a former White House chief information officer.
She put it this way: “If I come close to you [by scammers] on the email account you linked to X, they have no way to access the rest of your life.”
Payton also urges people to be wary of text messages or emails from unknown numbers or addresses that alert you to suspicious activity on your account. These are often phishing scams in which criminals try to trick you into revealing personal information. One way to check the authenticity of such a message is to copy and paste the text into an online search. Sometimes others who received the same message will have flagged it as a scam, she said.
The price of safety
There's one thing X users should know about two-factor authentication on the platform: Since last spring, the company has put one type of two-factor authentication — the kind in which the code is sent via text message — behind a paywall. It's only available to users of the platform's premium service, formerly known as Twitter Blue, who pay $8 per month.
This means that using the platform's text-based two-factor authentication method costs $84 per year. But users who don't pay for the premium service can still enable two-factor authentication by adding a separate authentication app, like Google Authenticator, to their X account, or by using a security key, which is a physical device that requires a USB port.
X did not immediately respond to requests for comment.
But even users who pay for the premium service should know that the text-message form of two-factor authentication is not as secure as it once was, security experts said. In the past few years, companies have moved away from using text messages and phone calls for two-factor authentication, because it has become easier for fraudsters to exploit this method.
Using an authenticator app requires access to the app on your phone, which keeps remote fraudsters from logging into your account. But security experts like Sellitto still have concerns, including that the inconvenience it causes could prompt people to skip the process altogether. “The average person doesn't want to have six different apps on their phone just to access their accounts. A text message is much easier,” he said.
The risks are increasing
The risks of an X hack may soon increase, because the social media platform wants to become the next Venmo. The platform said this week that it is looking to launch peer-to-peer payments this year, among other steps it plans to take as part of owner Elon Musk's vision to turn it into an “everything app.” If the accounts of people who use X to make and receive payments are compromised, fraudsters can access their banking information.
Although the SEC and Mandiant hacks may raise questions in the public's mind about whether security on
However, Payton noted that X has been slower at removing fraudulent tweets since Musk acquired the platform. She added that other platforms resolve issues more quickly when scammers take over and post from prominent accounts. Given this, it is time for users to tidy up the security of their accounts, she said.