The U.S. Securities and Exchange Commission (SEC) has acknowledged a SIM swap attack that led to the compromise of its X account. In this incident, an unauthorized party took control of the SEC cell phone number linked to the account through what appears to be an SEC got sim swapped attack. The breach resulted in the posting of a fraudulent announcement within the X account, falsely claiming approval for spot bitcoin exchange-traded funds (ETFs).
The SEC Acknowledges Falling Victim to a SIM Swap Attack
On Monday, the U.S. Securities and Exchange Commission (SEC) issued an update regarding the unauthorized access to its social media platform X account, @SECGov. The security breach took place on January 9, during which the SEC’s X account was utilized to share an unauthorized message falsely asserting the agency’s approval of spot bitcoin exchange-traded funds (ETFs). It’s crucial to note that, at the time of the incident, the SEC had not granted approval for spot bitcoin ETFs. The securities regulator provided the following details:
Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.
Unauthorized Access Details: SEC Clarifies Phone Number Control and Multi-Factor Authentication Status
Having gained control of the phone number, the unauthorized party proceeded to reset the password for the @SECGov account, as detailed by the SEC. Emphasizing that access to the phone number occurred through the telecom carrier and not SEC systems; the regulator stated that there is no evidence indicating the unauthorized party gained entry to SEC systems, data, devices, or other social media accounts.
Additionally, the SEC disclosed that although multi-factor authentication (MFA) had been previously enabled on the @SECGov X account, it was disabled by X Support in July 2023 at the request of SEC staff, citing difficulties in accessing the account. The regulator further conveyed:
Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9. MFA currently is enabled for all SEC social media accounts that offer it.
Investigation Collaboration: SEC Teams Up with Law Enforcement to Unravel SIM Swap Attack Details
The securities regulator underscored its ongoing collaboration with various law enforcement and federal oversight entities, including the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS), the Commodity Futures Trading Commission (CFTC), the Department of Justice (DOJ), and the SEC’s Division of Enforcement. The SEC staff is actively engaged in investigations, particularly delving into the methods employed by the unauthorized party to convince the carrier to change the SIM for the account and how they obtained knowledge of the associated phone number.
The SEC elaborated, stating that law enforcement is currently exploring these aspects, among other details. Notably, a surge in SIM swap attacks, a trend affecting numerous crypto investors, has been observed. In addition to the SEC, prominent figures such as Ethereum co-founder Vitalik Buterin have also fallen victim to SIM swap attacks. For guidance on avoiding such attacks, refer to our comprehensive guide.
Conclusion
The SEC got a sim swapped attack on its @SECGov account, highlighting the growing threat of cybercrimes against prominent financial entities. Despite the breach, the regulator asserts that no evidence points to unauthorized access to its internal systems or data. Ongoing collaboration with law enforcement agencies aims to uncover the methods used by the attackers. The incident serves as a stark reminder of the importance of robust cybersecurity measures, emphasizing the need for continuous vigilance and adaptive security protocols to safeguard sensitive financial information in an increasingly digital landscape.
Also Read: Morgan Stanley Warns of Impending Shift as Cryptocurrencies Challenge U.S. Dollar’s Dominance.