SEC Got SIM Swapped: How Hacker Gained Control of SEC’s X Account
The U.S. Securities and Exchange Commission (SEC) has admitted that a SIM swap attack compromised its X account, where a fake announcement regarding the approval of spot bitcoin exchange-traded funds (ETFs) was posted. “The unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack,” the regulator stated.
SEC Says It’s a Victim of a SIM Swap Attack
The U.S. Securities and Exchange Commission (SEC) provided an update on Monday regarding the unauthorized access to its @SECGov account on social media platform X. The attack occurred on Jan. 9 and the SEC’s X account was used to post an unauthorized message claiming the agency had approved spot bitcoin exchange-traded funds (ETFs). Notably, the agency had not approved spot bitcoin ETFs at the time.
The securities regulator detailed:
Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.
“Once in control of the phone number, the unauthorized party reset the password for the @SECGov account,” the SEC described. The regulator stressed: “Access to the phone number occurred via the telecom carrier, not via SEC systems. SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.”
The SEC further shared: “While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the [SEC] staff’s request, in July 2023 due to issues accessing the account.” The regulator added:
Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9. MFA currently is enabled for all SEC social media accounts that offer it.
The securities watchdog emphasized that SEC staff continue to coordinate with multiple law enforcement and federal oversight entities, including the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS), the Commodity Futures Trading Commission (CFTC), the Department of Justice (DOJ), and the SEC’s own Division of Enforcement.
“Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account,” the SEC detailed.
A significant number of SIM swap attacks are targeting crypto investors. Besides the SEC, other notable victims of SIM swap attacks include Ethereum co-founder Vitalik Buterin. Our guide explains how you can prevent a SIM swap attack.