SEC says multi-factor authentication had been turned off in run-up to false X post about bitcoin ETF approval
Quick Take: An SEC spokesperson provided an update on Monday on how a phony post was able to go out on its X account earlier this month. The agency’s MFA had been disabled over the summer and remained disabled until that post went out, the spokesperson said.
The Securities and Exchange Commission said Monday that multi-factor authentication on its X account had been disabled in the run-up to a false post earlier this month, which went out before spot bitcoin ETFs had been formally approved.
"While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account," the SEC said in a statement on Monday. "Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9."
MFA is enabled now for all SEC social media accounts that offer it, the agency's spokesperson added.
X confirmed in a post on Jan. 9 that the SEC's X account was compromised after someone obtained control over a phone number associated with the account. The platform's security team noted that the SEC did not have two-factor authentication enabled for its account when it was compromised.
The agency's lack of MFA garnered criticism from some in Washington, D.C., who have called for an investigation into the matter.
'Sim Swap'
The SEC said Monday that an "unauthorized party" obtained control of an SEC cell phone number associated with the account in an apparent "SIM swap" attack. SIM swapping is a technique used to transfer someone's phone number to another device without authorization, the agency added.
"Access to the phone number occurred via the telecom carrier, not via SEC systems," the spokesperson said. "SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts."
After getting control of the phone number, the unauthorized party reset the password for the SEC's X account, the spokesperson said on Monday.
"Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account," the spokesperson said.
The SEC spokesperson also said the agency's staff is continuing to work with the SEC's Office of Inspector General, the FBI, the Commodity Futures Trading Commission, and the Department of Justice, among other law enforcement entities.