SEC Reveals X Account Hack Caused by ‘SIM Swapping’


Key Takeaways

  •  SEC’s cell phone number associated with the account was compromised in an apparent SIM swap attack. 
  •  SEC disclosed that six months prior to the attack, a staff member had removed multifactor authentication due to account access issues.

In a surprising update, the U.S. Securities and Exchange Commission (SEC) shed light on the recent breach of its official X account (formerly Twitter), attributing the incident to a SIM swap attack. This disclosure unravels the mystery surrounding the misleading post that falsely asserted the approval of the inaugural spot bitcoin exchange-traded funds (ETFs), causing a momentary surge in Bitcoin prices.

The SEC disclosed that an unknown individual took control of an agency employee’s phone number, executing a SIM swap to change the password for the @SECGov account. The unauthorized post on January 9th led to a brief Bitcoin price hike, reaching nearly $48,000 before settling back below $46,000 when the SEC clarified the lack of approval for the Bitcoin ETF.

Investigations revealed that the SEC’s cell phone number associated with the account was compromised in an apparent SIM swap attack. This type of attack involves transferring a phone number to another device without the owner’s permission, enabling the attacker to intercept SMS messages and calls intended for the victim.

Law enforcement is now actively probing how the unauthorized party convinced the carrier to change the SIM and how they knew the phone number linked to the SEC’s X account. Intriguingly, the SEC disclosed that six months prior to the attack, a staff member had removed multifactor authentication due to account access issues. This security measure was only reinstated after the January 9th incident.

Contrary to concerns, the hackers did not gain access to the SEC’s internal systems, data, devices, or other social media accounts. The SIM swap occurred through the telecom carrier, emphasizing the importance of securing phone numbers linked to high-profile accounts. The SEC is collaborating with various law enforcement entities, including the FBI, to unravel the intricacies of the attack.

Saniya Raahath