Zerodha's Nithin Kamath says his X account was ‘compromised’ after phishing email — ‘All it takes is one slip of mind’

Zerodha's Nithin Kamath experienced an X account breach due to a phishing email, even with 2FA enabled. He called for a holistic approach to cybersecurity that incorporates human psychology and processes, emphasizing that a single mistake can result in security risks.

Riya R Alex
Updated 16 Oct 2025, 03:24 PM IST
Nithin Kamath urges holistic cybersecurity following X phishing incident.

Zerodha co-founder Nithin Kamath revealed that his X (formerly Twitter) account was compromised through a phishing email. Although he had 2FA protection, a security feature requiring a second verification step beyond just a password, the attackers still managed to access one session and post scam links. He emphasised the importance of comprehensive cybersecurity strategies that combine technical safeguards with measures to reduce human error.

In a post on the social media platform X, Kamath said, “So, my personal Twitter account was compromised yesterday because I fell for a phishing e-mail early in the morning while at home when browsing on my personal device.”

How did the incident unfold?

Describing the incident, he said, “A momentary lapse in attention. The e-mail got through all spam and phishing filters. I clicked on the 'Change Your Password' link and entered the password. The attackers gained access to a single login session, using it to tweet a few scammy cryptocurrency links. I had 2FA enabled, so luckily, they couldn't take over the full account apart from gaining access to the one session from the phishing flow. Also, the entire thing appeared to be fully AI-automated and not personal.”

‘All it takes is one slip of the mind,’ says Kamath

According to him, cybersecurity requires more than technical solutions; it must also address human psychology and processes. A focus on holistic frameworks is essential, as 2FA alone cannot mitigate the risks posed by human errors, he noted.

“Goes on to show that no matter how careful we are, all it takes is one slip of the mind. As important as technical cybersecurity are human processes, policies, procedures that account for worst-case scenarios and the psychology of the weakest link, which is us. 2FA is absolutely essential, but clearly, it is not a technical solution to human psychology. This is why it is so important for cybersecurity frameworks within organisations and governments to be holistic and not fixate on technical solutions,” Kamath wrote.

He added, “Despite awareness, policies, systems, and conversations at Zerodha on these risks on a regular basis, all it took was one slight slip of the mind.”
