While Twitter is the poster child for all that’s wrong with the internet, it is a popular communications platform. As such, it’s better for organizations like the SEC to have an official account than not. With an official account, which is advertised on the official SEC website, there can be some confidence about what idiot posting stuff on the platform is actually the real idiot from the SEC. That said, based on previous reporting of the breach

While X did not respond to WIRED’s request for comment, the company confirmed the breach of the @SECGov account in a post on X. “We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” the company wrote. “We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”

At this point, the fact that the official SEC account didn’t have two-factor authentication (2FA) turned on should be a Resume Generating Event for the entire management. If you aren’t smart enough to turn on 2FA for anything and everything important, you’re too stupid to be in charge of anything more advanced than an etch-a-sketch.