The U.S. Securities and Exchange Commission (SEC) has admitted that a SIM swap attack compromised its X account, where a fake announcement about the approval of spot bitcoin exchange-traded funds (ETFs) was posted. "The unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent 'SIM swap' attack," the regulator said.
SEC Says It's a Victim of a SIM Swap Attack
The U.S. Securities and Exchange Commission (SEC) provided an update on Monday regarding the unauthorized access of its @SECGov account on social media platform X. The attack occurred on Jan. 9 and the SEC's X account was used to post an unauthorized message claiming the agency had approved spot bitcoin exchange-traded funds (ETFs). Notably, the agency had not approved spot bitcoin ETFs at that time.
The securities regulator detailed:
Two days after the incident, in consultation with the SEC's telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent 'SIM swap' attack.
"Once in control of the phone number, the unauthorized party reset the password for the @SECGov account," the SEC described. The regulator stressed: "Access to the phone number occurred via the telecom carrier, not via SEC systems. SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts."
The SEC further shared: "While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the [SEC] staff's request, in July 2023 due to issues accessing the account." The regulator added:
Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9. MFA currently is enabled for all SEC social media accounts that offer it.
The securities watchdog emphasized that the SEC staff continue to coordinate with several law enforcement and federal oversight entities, including the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS), the Commodity Futures Trading Commission (CFTC), the Department of Justice (DOJ), and the SEC's own Division of Enforcement.
"Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account," the SEC detailed.
A significant number of SIM swap attacks are targeting crypto investors. Besides the SEC, other notable victims of SIM swap attacks include Ethereum co-founder Vitalik Buterin. Our guide explains how to avert a SIM swap attack.