Social media platforms like X are key tools for building your brand, connecting with customers, and driving sales. Unfortunately, a hacked account could disrupt your business operations and cause you to lose revenue. Plus, it can hurt your reputation and break the trust you’ve built with your audience. If you use X for your business, protecting your account should be part of your security plan.
Who's Most at Risk of Being Hacked?
Hackers typically target high-value X accounts, such as brands, public figures, media outlets, and government agencies. These accounts are prime targets because they often have verified badges and large followings, making them powerful tools for spreading scams, disinformation, or harmful messages.
Top Reasons Hackers Target High-Value X Accounts
VenariX tracks numerous incidents involving social media account compromises, many of which targeted high-profile X accounts. These attacks are often designed to exploit the account's reach, credibility, and influence for malicious purposes. Below are some of the most common reasons.
Phishing and Scam Distribution
Hackers use hijacked accounts to post phishing links and promote fraudulent schemes, often exploiting the account’s large audience to spread scams quickly. For example:
SEC (January 2024): Hackers falsely announced the approval of a Bitcoin ETF, causing Bitcoin’s price to spike by $1,000 before crashing by $2,000. The SEC confirmed that unauthorized access was gained through a SIM-swapping attack.
CoinGecko (January 2024): Hackers gained access after an employee clicked a phishing Calendly link, which allowed unauthorized app access. The attackers used the account to promote a fake cryptocurrency launch.
Mandiant (2024): The cybersecurity firm’s account was compromised and used to promote fraudulent websites that drain crypto wallets. The breach was possible because the account did not have two-factor authentication (2FA).
Hacktivism
In some cases, hackers break into accounts to spread political messages or amplify social causes. These attacks are often motivated by ideology rather than financial gain.
How Accounts Get Hacked
Phishing Emails Pretending to Be from X
Phishing emails often mimic official X communications in an attempt to steal your login details. Common subject lines include:
We noticed a login to your account from a new device
New verification policy: Verify your account to avoid badge removal
Notice of verified account removal or blacklist
You have 1 notification from Twitter Verified
Copyright infringement warning
When you click the link, you will likely be redirected to a fake X login page created to capture your login credentials.
Phishing Links Sent via X DMs
Hackers send phishing links via direct messages, often using fake promotions or urgent warnings to trick you into clicking.
Third-Party Apps with Unauthorized Read or Write Access
Phishing campaigns sometimes trick users into authorizing malicious third-party apps that gain access to their X account and post on their behalf.
Weak Passwords and No 2FA (Brute Force or Password Guessing)
Simple or reused passwords could make your account easy to hack, especially without two-factor authentication (2FA).
Why 2FA Isn’t Always Enough
Two-factor authentication (2FA) adds an extra layer of security, but attackers have developed methods to bypass it. Here are two common techniques:
Proxy Relay Attack
In this attack, hackers create a fake login page identical to X’s. When you enter your username, password, and 2FA code, the hacker intercepts this information and relays it to the real X login page in real time. This gives them full access to your account without triggering any security alerts.
The best defense against this type of attack is using FIDO2 security keys (e.g., YubiKey). FIDO2 keys use cryptographic authentication. This means that to complete a login, you must physically connect or tap your security key to prove that you are the legitimate account owner. Unlike SMS or app-based codes, FIDO2 keys don’t generate numbers that hackers can intercept or trick you into entering on a fake website.
Unauthorized Third-Party App
Hackers may trick you into granting access to a malicious third-party app through phishing. For example, you might receive an email or direct message with a link to a fake collaboration tool or calendar invite. Once you authorize the app, the hacker gains permission to post or access your account without needing your password or 2FA.
The best defense against unauthorized third-party apps is staying aware of phishing schemes and regularly reviewing your connected apps. Be cautious of links that ask you to authorize apps, and remove any you don’t recognize or no longer use.
Steps to Secure Your X Account
Enable 2FA: Use FIDO2 security keys for the strongest protection against phishing-based 2FA bypass attacks. If security keys aren’t an option, use an authenticator app (e.g., Google Authenticator). To enable 2FA, go to Settings & Privacy > Security and account access > Security > Two-factor authentication and check your preferred method.
Store Backup Codes: Backup codes are one-time codes that let you access your account if your usual 2FA method isn’t available. You should save your X backup code in a secure place, such as a password manager, to regain access if you ever get locked out. To get your backup code, go to Settings & Privacy > Security and account access > Security > Additional methods > Backup codes and click Copy code.
Enable Password Reset Protection: Add an extra security check to prevent unauthorized password changes. To enable, go to Settings & Privacy > Security and account access > Security > Additional password protection and check Password reset protection.
Check Connected Apps: Review and revoke access to third-party apps you don’t recognize or trust. To check your connected apps, go to Settings & Privacy > Security and account access > Apps and sessions > Connected apps.
Review Account Delegations: Check which users or accounts have permission to manage or access your X account. Remove anyone who no longer needs access. To check who has delegated access to your account, go to Settings & Privacy > Security and account access > Delegate > Members you've delegated.
Filter Spam Messages: Enabling this setting reduces phishing attempts through direct messages (DMs). To do this, go to Settings & Privacy > Privacy and Safety > Direct Messages and check Filter low-quality messages.
Monitor Active Sessions: Regularly check for and log out of unrecognized devices or locations. To do this, go to Settings & Privacy > Security and account access > Apps and sessions > Logged-in devices and apps.
If your X account helps you generate revenue or promote your business, take a few minutes to follow the steps outlined above. It’s a small effort that can prevent big problems.