New details emerge about SEC’s X account hack, including SIM swap
2 min read
The U.S. Securities and Exchange Commission said on Monday that a SIM swap attack was to blame for the breach of its official account on X, formerly known as Twitter, earlier this month.
On Jan. 9, an unauthorized party gained access to the @SECGov account and displayed a fake post claiming the agency had approved the first-ever spot bitcoin exchange-traded funds. The cryptocurrency market moved following the unauthorized post, with bitcoin prices initially shooting up to nearly $48,000 from a low that day of just above $45,000. Then, after the SEC clarified that it had not yet approved the bitcoin ETF, prices fell below $46,000.
“Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack,” an SEC spokesperson said in a statement.
A SIM swap is when a phone number is transferred to another device without the permission of the owner, allowing the bad actor to receive SMS messages and voice calls intended for the victim.
With access to the phone number, the unidentified individual then reset the account password. Since the SEC did not have two-factor authentication enabled, the SIM swap and subsequent password change were the only two steps necessary to gain full access to the agency’s account.
“While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account,” the SEC said in the statement.
“Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9,” the statement continued. “MFA currently is enabled for all SEC social media accounts that offer it.”
The agency had the ability to switch two-factor authentication back on for their X account and was not reliant on X to do so.
X owner and Chief Technology…
2024-01-22 16:00:00
All news and articles are copyrighted to the respective authors and/or News Broadcasters. VIXC.Com is an independent Online News Aggregator
Read more from original source here…
