The SEC Disables Multi-Factor Authentication on X Account
The Securities and Exchange Commission (SEC) announced that the multi-factor authentication on its X account was disabled before a false post was made regarding the approval of spot bitcoin ETFs. The SEC stated that the disabling of multi-factor authentication was requested by X Support in July 2023 due to issues accessing the account. It remained disabled until after the account was compromised on January 9. The agency’s spokesperson confirmed that multi-factor authentication is now enabled for all SEC social media accounts that offer it.
Compromise of SEC’s X Account
X confirmed in a tweet on January 9 that the SEC’s X account had been compromised. An unauthorized party gained control over a phone number associated with the account, and it was revealed that two-factor authentication had not been set up for the account at the time of the breach. The lack of multi-factor authentication drew criticism and led some in Washington, D.C. to call for an investigation into the matter.
‘SIM Swap’ Attack
The SEC disclosed that an “unauthorized party” took control of an SEC cell phone number through a “SIM swap” attack. SIM swapping is a technique used to transfer someone’s phone number to another device without permission. The spokesperson clarified that access to the phone number occurred through the telecom carrier and not SEC systems. The unauthorized party reset the password for the SEC’s X account after gaining control of the phone number. Law enforcement agencies are currently investigating how this unauthorized party was able to convince the carrier to change the SIM and how they knew which phone number was linked to the account.
Hot Take: Security Concerns Surrounding SEC’s Social Media Accounts
The recent compromise of the SEC’s X account highlights significant security concerns surrounding the social media accounts of regulatory agencies. Disabling multi-factor authentication and failing to implement strong security measures can expose these accounts to unauthorized access and the dissemination of false information. The SEC’s response to this incident, including investigations with law enforcement entities, underscores the importance of safeguarding sensitive information and adopting robust security protocols. As a crypto reader, it is crucial for you to be aware of the security practices employed by regulatory bodies to ensure the integrity of information shared through their social media channels.