SEC admits security lapse in X account breach, discloses details - CryptoCrazeNews

The U.S. Securities and Exchange Commission (SEC) has disclosed critical information regarding the recent breach of its official account on X, formerly known as Twitter. The breach, which transpired on January 9, involved an unauthorized party gaining access to the @SECGov account and disseminating false information about the approval of the first-ever spot bitcoin exchange-traded funds.

SEC made some disclosures on security breach

The SEC admitted that a significant security lapse occurred as multi-factor authentication (MFA) had been disabled on the @SECGov X account for about six months leading up to the breach. The disabling of MFA was initiated by X Support at the staff’s request in July 2023 due to issues accessing the account. Shockingly, even after access was reestablished, MFA remained disabled until staff reenabled it following the compromise on January 9. The SEC reassured the public that MFA is currently enabled for all SEC social media accounts that offer this additional layer of security.

Furthermore, the SEC confirmed that the breach was executed through a “SIM swap” attack. In a SIM swap attack, the attacker gains control of the target’s phone number by transferring it to another device without the owner’s permission. The unauthorized party then used the compromised phone number to reset the account password and gain full control of the @SECGov X account. The SEC emphasized that the unauthorized party accessed the phone number via the telecom carrier and not through any vulnerabilities in SEC systems.

Elon Musk’s mocking response

In response to the breach, X owner and Chief Technology Officer Elon Musk took the opportunity to mock the SEC, an agency with which he has had longstanding disagreements. Musk also shared a post from Twitter Safety stating that the compromise “was not due to any breach of X’s systems.” The incident has raised questions about how well government agencies protect their information. Some have criticized the decision to turn off the extra layer of security known as two-factor authentication (2FA), calling it a big mistake.

As reported, the SEC is working closely with law enforcement agencies and oversight groups to investigate the security breach. The investigation includes the SEC’s Office of Inspector General, the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Commodity Futures Trading Commission, the Department of Justice, and the SEC’s own Division of Enforcement.
