US lawmakers have urged the Securities and Exchange Commission (SEC) to review its cyber security preparedness after the financial regulator’s X account posted market material information earlier in the week due to a hack.
Someone briefly accessed its account on X, formerly called Twitter, this week, the agency confirmed, and posted a fake message saying it had approved exchange-traded funds (ETFs) for bitcoin.
The SEC eventually approved the first US-listed ETFs to track bitcoin the following day, but the unauthorised post a day earlier sent the price of bitcoin up to around US$48,000 ($71,770) before it fell to below US$45,000 minutes later.
In a letter to the agency on Thursday, Ron Wyden, a Democratic senator from Oregon, and Cynthia Lummis, a Republican senator from Wyoming, sought an investigation into the incident, which they deemed the “SEC’s apparent failure to follow cyber security best practices”.
X, which is owned by billionaire and Tesla boss Elon Musk, confirmed the hack.
It said that an “unidentified individual” obtained control over a phone number associated with the agency’s account and that the SEC did not have multi-factor authentication enabled at the time.
Multi-factor authentication (MFA) is a two-pronged security control that allows access to an internet account only after the user has keyed in the password and a security code sent by email or to a phone, or generated via an authenticator app or fob.
“We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed,” Wyden and Lummis said in their letter.
The SEC had earlier said it was working with law enforcement to investigate the hack.