The U.S. Securities and Exchange Commission (SEC) has revealed details of the incident in which an unauthorized individual accessed the markets regulator’s account on the social media platform X and published a false message.
On January 9th, the false message stated that the SEC had approved all the spot Bitcoin (BTC) exchange-traded fund (ETF) applications.
Minutes later, the commission’s chair Gary Gensler revealed that a hacker had compromised the markets regulator’s X account and published the false message.
According to the SEC, a hacker took control of the markets regulator’s X account by employing the SIM swapping technique – changing the phone number associated with an account to one that the hacker controls, which consequently gave the hacker full administrator rights.
“Access to the phone number occurred via the telecom carrier, not via SEC systems. SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.”
The SEC says that the hacker changed the SEC’s X account password after hijacking the phone number linked to the account.
“Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account.”
The SEC says that its X account’s multi-factor authentication (MFA) option was disabled at the time of the incident but is now enabled for all the Commission’s social media accounts. Multi-factor authentication is typically considered more secure as users are required to provide at least two pieces of evidence to log in or access a website or an application.