SEC Reveals SIM Swap Attack Behind Twitter Breach

The U.S. Securities and Exchange Commission (SEC) recently disclosed that the compromise of its official Twitter account was the result of a SIM swap attack. The unauthorized post, which falsely claimed approval for spot bitcoin exchange-traded funds (ETFs), led to a temporary surge in Bitcoin prices. Here are the key takeaways:

The SEC’s official Twitter account (@SECGov) was compromised through a SIM swap attack, where an unknown individual took control of an agency employee’s phone number.

The unauthorized post on January 9th, falsely announcing approval for Bitcoin ETFs, caused a brief spike in Bitcoin prices to nearly $48,000 before clarification from the SEC.

Investigations are underway to determine how the attacker convinced the telecom carrier to change the SIM and how the attacker obtained the SEC’s phone number associated with the Twitter account.

Prior to the attack, a staff member had removed multifactor authentication due to account access issues; it was reinstated after the incident.

Fortunately, the hackers did not gain access to internal systems, data, devices, or other social media accounts of the SEC. The breach was limited to the compromised Twitter account.

The SEC is collaborating with law enforcement agencies, including the FBI, to unravel the details of the SIM swap attack.

This incident underscores the vulnerability of high-profile accounts linked to phone numbers and emphasizes the importance of robust security measures, including multifactor authentication.