Mandiant, SEC Lose Control of X Accounts Without 2FA

Mandiant temporarily lost control of its X account to cryptocurrency-drainer malware operators because it did not have two-factor authentication enabled after X limited SMS 2FA to paid subscribers; the SEC's X account was also hijacked via a compromised phone number, demonstrating how platform policy changes and understaffed security teams can enable account takeovers and related fraud.