The hack of the Securities and Exchange Commission\u2019s (SEC) account on X, the platform formerly known as Twitter, earlier this month was the result of a \u201cSIM swap\u201d attack, an agency spokesperson said Tuesday.<\/p>\n\n\n\n
An \u201cunauthorized party\u201d used SIM swapping to obtain control of the phone number associated with the SEC\u2019s X account and reset the password, the spokesperson said. <\/p>\n\n\n\n
SIM swapping allows scammers to receive voice and SMS communications associated with a phone number by transferring the number to an unauthorized device.<\/p>\n\n\n\n
The SEC spokesperson said access to the phone number occurred via the agency\u2019s telecom carrier, noting there is no evidence the unauthorized party \u201cgained access to SEC systems, data, devices, or other social media accounts.\u201d<\/p>\n\n\n\n
\u201cAmong other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account,\u201d the spokesperson added.<\/p>\n\n\n\n
Multifactor authentication for the SEC\u2019s account had also been disabled at the request of the agency\u2019s staff last July \u201cdue to issues accessing the account\u201d and remained disabled until the hack on Jan. 9, the spokesperson said.<\/p>\n\n\n\n
\u201cMFA currently is enabled for all SEC social media accounts that offer it,\u201d they added.<\/p>\n\n\n\n
The SEC revealed its X account had been hacked earlier this month, after it appeared to approve several highly anticipated bitcoin investment funds. <\/p>\n\n\n\n
While the agency quickly took down the fake announcement and replaced it with a disavowal, the breach prompted criticism and calls for investigation from lawmakers on both sides of the aisle, particularly after X revealed the SEC\u2019s account did not have two-factor authentication enabled.<\/p>\n\n\n\n