The SEC (U.S. Securities and Exchange Commission) has revealed that someone stole a worker’s phone number, used it to get into the SEC’s X account, and sent out a fake tweet saying that a bitcoin exchange-traded product had been approved.
The event took place on January 9, 2024, and made the price of Bitcoin go up for a short time. A method called “SIM swapping” was used by the hacker to take over the phone line, according to the SEC.
The agency also said that for about six months, it had turned off extra security on the X account, which let the hacker in.
The agency’s X account had its password changed by an unknown person who got control of an agency worker’s phone number, according to the SEC. The hacker then sent out a fake tweet saying that the SEC had given the go-ahead for a spot Bitcoin exchange-traded fund to trade in the US.
The price of Bitcoin went up for a short time after the message was removed. Almost a dozen of the products were approved by the government the next day.
An attack known as “SIM swapping” was used by the hacker to take over the phone line. SIM flipping is when a hacker tricks a telecom company into giving the victim’s phone number to a SIM card that the hacker controls.
If someone hacks into your phone number, they can use it to reset your password and get into accounts that use two-factor security.
The SEC reported the event on Monday, January 22, 2024, and said that the hacker was able to get in because extra security had been turned off for about six months on the X account.
The agency also said it had taken steps to make its security better. For example, all SEC social media accounts that offer it now have multi-factor authentication (MFA) turned on.
People who work for the SEC post important news and updates about the agency’s regulatory actions on its X account. Hackers were able to get into the account, which makes people worry about how safe the agency’s systems are and how the market could be manipulated.
People and businesses need to take steps to protect themselves from the risks that come with SIM swapping, which was proven by this event.
The fact that the SEC confirmed the X account hack shows how important it is for businesses to take hacking seriously. People and businesses need to take steps to protect themselves from SIM changing, which is becoming a bigger problem.
It is a good thing that the SEC decided to allow MFA for all social media accounts that offer it, but more needs to be done to protect important systems and infrastructure.