SEC Reveals How Hackers Gained Control of Its X Account

The US Securities and Exchange Commission (SEC) faced a significant security breach on January 9, 2024, when its official X (Twitter) account fell victim to a SIM swap attack.

This incident led to a false message being posted about the approval of a spot Bitcoin exchange-traded fund (ETF), triggering a tumultuous response in the cryptocurrency market.

How Hackers Took Control of SEC’s X Account

Two days after the breach, the SEC and its telecom carrier identified the cause: a SIM swap attack. This attack transfers a phone number to a different device without the owner’s knowledge. It allowed unauthorized access to the SEC’s X account.

The SEC claims that the breach did not happen through its system but through its telecom carrier. After gaining control of the SEC’s phone number, the attacker reset the password for the SEC X account. Meanwhile, law enforcement is investigating the SIM swap and how the attacker knew the associated phone number.

Read more: 15 Most Common Crypto Scams To Look Out For

Notably, the SEC is collaborating with the Federal Bureau of Investigation (FBI), Department of Homeland Security, Commodity Futures Trading Commission (CFTC), Department of Justice (DoJ), and its Enforcement Division to investigate the matter. The SEC’s Inspector General is also involved in the investigation.

To the community’s surprise, the SEC had disabled multi-factor authentication (MFA) on the X account since July 2023 due to access issues. Finally, after the breach, the regulator enabled the MFA.

“Saving your staff a few seconds when logging in is probably not worth the billions in damages caused by fraud after being sim swapped,” said Boring Security.

The security lapse had major consequences. A false tweet about a Bitcoin ETF caused a $230 million liquidation in the crypto market. Bitcoin’s price spiked to $48,000, then fell sharply after the SEC exposed the tweet as false.

This breach shows the need for strong security in digital communications. The disabled MFA feature points to the risks of sacrificing security for convenience.

Read more: Crypto Social Media Scams: How to Stay Safe

This incident highlights the ongoing need for vigilance against cyber threats. For organizations like the US Securities and Exchange Commission, protecting digital assets and communication is vital for public trust and financial market integrity.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Source: https://beincrypto.com/sec-reveals-how-its-x-account-hacked/