False Announcement Sparks Confusion as SEC Twitter Got Hacked
- The SEC's SIM swap breach highlights cybersecurity lapses, prompting a reevaluation of digital asset protection and authentication practices.
- Disabling multifactor authentication increased the SEC's susceptibility, underscoring the critical role of robust security measures in safeguarding accounts.
- Despite the incident, the SEC's approval of Bitcoin ETFs proceeded, influencing cryptocurrency markets and marking a noteworthy development.
SEC Announces SIM Swap Attacks as Reason Behind Twitter Account Hacks
In a surprising turn of events, the United States Securities and Exchange Commission (SEC) has confirmed that it fell victim to a "SIM swap" attack, leading to the dissemination of a false announcement on January 9 regarding the approval of spot Bitcoin exchange-traded funds (ETFs). The misleading post, attributed to the SEC's official Twitter account (@SECGov), stated the approval of Bitcoin ETFs, causing confusion and market speculation.
The SEC spokesperson revealed on January 22 that two days after the incident, it was determined that an unauthorised party had gained control of the SEC's cell phone number through a SIM swap attack. In this type of attack, perpetrators take control of a phone number by having it reassigned to a new device. Once in control of the phone number, the attacker proceeded to reset the password for the @SECGov Twitter account, allowing them to post the false information. Previously on the occasion of Christmas a similar SIM Swap attack had occurred which targeted prominent figures.
Surprisingly, the SEC disclosed that six months before the attack, a staff member had disabled multifactor authentication, an additional security layer, due to difficulties accessing the account. The security measure remained disabled until after the incident on January 9. The SEC is currently working with law enforcement to investigate how the unauthorised party convinced the telecom carrier to change the SIM for the account and how they knew which phone number was associated with the SEC's Twitter account.
Despite the breach, the SEC asserted that there is no evidence suggesting the unauthorised party gained access to other SEC systems, data, or social media accounts. It appears that the attack was isolated to the compromised Twitter account.
Elon Musk Shows Concerns Regarding Security
In response to the news, Elon Musk, renowned entrepreneur and CEO of Tesla and SpaceX, expressed concern over the vulnerability of high-profile accounts. Musk emphasised the importance of robust cybersecurity measures, urging organisations to prioritise the safeguarding of their digital assets and information.
As previously informed on Coin Gabbar news website that the SEC officially approved several spot Bitcoin ETF applications the day following the attack, on January 10. Most of these ETFs commenced trading on January 11, marking a significant development in the cryptocurrency investment landscape.
Also Read : Sega Team Up with Finschia for Web3 Gaming Innovation
