- SEC’s X account was compromised through a “SIM swap” attack, hijacking the linked phone number.
- Multi-factor authentication (MFA) was disabled at the SEC’s request in July 2023.
- Investigation ongoing, focusing on attack method and attacker’s knowledge of phone number.
In a recent update on the security breach of the SEC’s official X account (@SECGov), the regulator disclosed that unauthorized access occurred due to a SIM swap attack and a disabled multi-factor authentication (MFA) feature.
During the ongoing investigation, the SEC revealed that the unauthorized party gained control of the SEC phone number linked to the account through a “SIM swap” attack. By exploiting this method, the unauthorized party bypassed password reset protections and took control of the @SECGov X account.
For those unfamiliar, SIM swapping is a technique where an attacker tricks a telecom carrier into transferring a phone number to a new device. This allows the attacker to receive calls and texts meant for the original owner.
The SEC however clarified that the “access to the phone number occurred via the telecom …
The post SEC X Account Breach: SIM Swap Attack Bypassed Disabled MFA appeared first on Coin Edition.