Hacker Exploits SEC's Absence of Two-Factor Authentication, Causes Crypto Market Chaos
Summary:
The X Safety team revealed the lack of two-factor authentication (2FA) on the main X account of the US Securities and Exchange Commission (SEC), leading to a cyber-attack. The breach, attributed to an unidentified person gaining control of the associated phone number, sent shockwaves across crypto markets with a deceptive confirmation of a spot Bitcoin ETF from the SEC's official account on X.
The X Safety squad has announced a surprising fact that the main X account of the US Securities and Exchange Commission (SEC) wasn’t secured with two-factor authentication (2FA). This lack of security measure allowed a hacker to infiltrate their account. This unfortunate revelation for the SEC comes right after a cybersecurity breach that created an unwarranted upheaval in the crypto market due to a falsely verified post about a spot Bitcoin ETF from the SEC’s official X account.
On Jan 10 the Safety division of X disclosed via a post that the SEC account was hacked by an anonymous person who was able to gain control over the phone number linked to the SEC's official X account. This hacking technique is broadly referred to as a SIM swap hack. What transpired was that the @SECGov account was breached. Following a preliminary investigation, it was revealed that this incident did not happen as a result of a compromise in X's system but as a result of an anonymous person gaining control over a phone number loosely linked to the account.
According to the X Safety Team, "This security breach did not occur as a result of a compromise of X's system, but rather by an unknown person who gained access to a phone number linked to the @SECGov account via a third party." They further stated, "We can unequivocally confirm that there was no two-factor authentication left activated when the account was breached." More details to emerge as this continues to be an unfolding story.
Published At
1/10/2024 7:08:37 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.