SEC Confirms: MFA Deactivation Led to Security Breach
The U.S. Securities and Exchange Commission (SEC) has confirmed that an attacker gained unauthorized access to its X account through a SIM swap attack.
The exact methods used by the attacker to persuade the phone operator to change the SIM card linked to the account, and how they determined the associated phone number, remain unclear.
The hacker published a message about the approval of spot Bitcoin ETFs on January 9, 2024, a day before the official announcement.
It was revealed that the SEC's account did not have multi-factor authentication (MFA) enabled at the time of the attack. In July 2023, an SEC staff member asked X support to disable MFA, citing access issues. MFA was enabled only after the account compromise was discovered.
Interestingly, despite SEC Chairman Gary Gensler's prior recommendations on account security, it appears that the SEC itself had not adhered to this advice.