SEC Admits MFA Deactivation Led to X Account Hack

The U.S. Securities and Exchange Commission (SEC) has confirmed a breach of its official X account (formerly Twitter), attributing the incident to a SIM swap attack. This security lapse occurred on January 9 when an unauthorized entity gained control of the @SECGov handle, erroneously announcing the SEC’s approval of the first-ever spot bitcoin exchange-traded funds.

Impact on Cryptocurrency Market

Following the false tweet, the cryptocurrency market witnessed immediate fluctuations. Bitcoin’s value soared to approximately $48,000 before plummeting below $46,000 once the SEC refuted the approval of the Bitcoin ETF. 

Investigations revealed that the breach was facilitated by a SIM swap, wherein the victim’s phone number was illicitly transferred to another device. This enabled the perpetrator to intercept SMS messages and calls, ultimately resetting the account’s password. Compounding the issue was the absence of two-factor authentication (MFA) on the SEC’s account, a critical security feature that had been disabled since July 2023 due to access difficulties.

Reactions and Responses

Elon Musk, X’s owner and a long-time critic of the SEC, responded to the incident with mockery. In contrast, X denied any system breach on their part. Meanwhile, the SEC confirmed the lack of evidence pointing to any compromise of their other systems, data, or devices. The breach was isolated to the telecom carrier, sparking a comprehensive investigation involving multiple law enforcement and federal agencies.

SEC’s Security Measures

Post-incident, the SEC has reactivated MFA for all its social media accounts. This move reflects a heightened awareness of digital security risks and the necessity of robust protective measures in safeguarding sensitive information, particularly for influential government agencies.

Moreover, multiple law enforcement and federal agencies, including the FBI and Department of Homeland Security, are investigating the breach. They aim to uncover how the attacker persuaded the telecom carrier to execute the SIM swap and how they knew the specific phone number linked to the SEC’s account.

Read Also: Grayscale Facing Intense Backlash for Market Meltdown, Here’s Why

The post SEC Admits MFA Deactivation Led to X Account Hack appeared first on CoinGape.

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ January 1, 1970 12:00 am