Zerodha co-founder Nithin Kamath revealed that his X (formerly Twitter) account was compromised via a phishing email. Even though the account was protected by two-factor authentication (2FA), a security feature requiring a second authentication step beyond just a password, attackers still managed to gain access to a single session and post fraudulent links. He emphasized the importance of comprehensive cybersecurity strategies that combine technical safeguards with measures to reduce human error.
In a post on social media platform X, Kamath said, “So my personal Twitter account was compromised yesterday because I received a phishing email early this morning while browsing on my personal device at home.”
How did the incident develop?
Describing the incident, he said: “Immediate attention lapses. The email went through all the spam and phishing filters. I clicked on the ‘Change password’ link and entered the password. The attackers gained access to one login session, which they used to tweet several fraudulent cryptocurrency links. I had 2FA access to the account enabled, so luckily I was able to get the full session, except for the phishing stream. It appeared that the thing is fully automated AI and not personal.”
“It only needs one flight,” says Kamath
According to him, cybersecurity requires more than technical solutions; it must also deal with human psychology and processes. Focusing on holistic frameworks is critical because 2FA alone cannot mitigate the risks posed by human error, he noted.
“It goes on to show that no matter how careful we are, one slip is all it takes. Just as important as technical cybersecurity are human processes, policies, procedures that account for worst-case scenarios and the psychology of the weakest link, which is us. 2FA is absolutely critical, but it’s clear that it’s not a technical solution to human psychology. That’s why it’s so important that cyber organizations and government organizations patched cybersecurity frameworks. about technical solutions,” wrote Kamath.
He added: “Despite awareness, policies, systems and conversations at Zerodha about these risks on a regular basis, all it took was one small slip.”