The US Securities and Exchange Commission (SEC) announced on Monday that a SIM swapping attack was responsible for the recent hack of its official account on X (formerly Twitter).
The SEC confirmed that because it had turned off two-factor authentication 6 months ago, the only steps the intruder needed to gain full access to the institution’s account were a SIM swap followed by a password change.
An SEC spokesperson made the following statement:
“Two days after the incident, the SEC consulted with the telecom operator and determined that the unauthorized party had gained control of the SEC mobile phone number associated with the account through an apparent ‘SIM swapping’ attack.”
SIM swapping is a malicious process in which a phone number is transferred to another device without the owner’s consent, allowing the perpetrator to receive SMS messages and voice calls intended for the victim. An unauthorized person who gains control of the phone number can then change the account password.
The SEC explained that although multi-factor authentication (MFA) was previously enabled on the @SECGov X account, it was disabled by X Support in July 2023 due to account access issues. The statement continued: “MFA was disabled after access was restored until it was reactivated by staff when the account was compromised on January 9.”
The SEC said there was no evidence that an unauthorized party gained access to SEC systems, data, devices or other social media accounts. The agency stated that “access to the phone number occurred through the telecom operator” and that law enforcement is still investigating how this person got the operator to change the SIM for the account and how the party knew which phone number was associated with the account.
After taking over the SEC account, the hacker made a false statement that Bitcoin Spot ETFs were approved.
Source: https://en.bitcoinsistemi.com/sec-hacked-ahead-of-bitcoin-spot-etf-approval-finally-reveals-how-it-happened-they-turned-off-multi-factor-verification-themselves/