Crucially, both accounts had the digital protection known as 'two-factor authentication' disabled at the time of the takeovers.
Normally, 2FA would have mitigated this, but due to some team transitions and a change in X's 2FA policy, we were not adequately protected.
[
add
]
[
|
|
...
]