I mean, it’s in the link - 

“While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account. Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9.” 

 I did the classic, not open the link before posting. I admit, shame on me. Thanks for calling this out.  

 Herp Derp Security Firm