Hackers Used SIM Swapping to Breach US SEC X Account

Hackers Spread Fake News About SEC Approving Spot Bitcoin Exchange-Traded Fund

It wasn't a sophisticated hack on Jan. 9 that allowed hackers to briefly take control of an official U.S. Securities and Exchange Commission social media account, the agency said Monday. The hackers simply scammed the account's mobile phone provider to take control of the telephone number tied to the account and used that access to reset the password.

The market regulator said Monday that an unauthorized party had obtained control over the telephone number associated with the X, formerly Twitter, account in an apparent SIM swap attack - allowing the attacker to transfer the phone number to another mobile device.

The hacker used a period of access to boost fake cryptocurrency news ahead of a decision by commissioners to approve the first U.S.-listed exchange-traded funds tracking bitcoin (see: US Securities and Exchange Commission Probes X Account Hack).

SIM swap social engineering attacks have repeatedly been used to take control of high-profile social media accounts and post messages that tie to cryptocurrency scams, as well as to gain access to and drain cryptocurrency accounts.

At the time the account was compromised, the social media platform reported that two-factor authentication had not been enabled. The SEC said Monday that agency staff had requested months earlier that the extra verification step be turned off "due to issues accessing the account." Multifactor authentication "currently is enabled for all SEC social media accounts that offer it," the agency said.

In a Jan. 10 letter to SEC Chairman Gary Gensler, House Financial Services Committee Republican members said they "expect the SEC to hold itself to the same requirements that are imposed on companies throughout the country."

The SEC said it is collaborating with various law enforcement and federal oversight bodies, including the SEC Office of Inspector General, the FBI, the Department of Justice, the Cybersecurity and Infrastructure Security Agency and the Commodity Futures Trading Commission.

About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
