SEC Says SIM Swap to Blame for Breached X Account

Crypto hackers gained control of a phone number associated with the government agency's account after MFA was disabled in July.

SEC webpage under magnifying glass
Source: dennizn via Alamy Stock Photo

A new statement from the Securities and Exchange Commission (SEC) explained that the regulator's X account was compromised after a threat actor was able to gain control of the phone number associated with the account, in a SIM-swapping cyberattack.

SIM-swapping attacks are a common way for threat actors to hijack social media accounts, crypto wallets, and more.

The SEC admitted its staff intentionally disabled multi-factor authentication (MFA) protections on the X account in July 2023 after there was an issue accessing the @SEC.gov handle.

"Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9," the SEC said in its statement on Jan. 22. "MFA currently is enabled for all SEC social media accounts that offer it."

The SEC X account was breached on Jan. 9 by crypto hackers who posted a message regarding Bitcoin ETFs, which temporarily caused the value of Bitcoin to spike.

Federal legislators have called for inquiries into the incident and investigations are ongoing by agencies including the SEC Inspector General, the Federal Bureau of Investigations (FBI), Department of Justice (DoJ), and Cybersecurity and Infrastructure Security Agency (CISA), the statement said.

SIM Swapping Defense Is Tricky

SIM swapping, in particular, is tricky to defend against, Will Glazier, director of threat research for Cequence Security, said in a statement.

"The act of social engineering of convincing the telecom employee(s) to port over a phone number is actually one of the last steps in the attack chain," Glazier said. "Before that occurs, attackers frequently try to abuse APIs, many of which are publicly exposed to the internet with no authentication, by design, because they enable business growth."

He added that wireless carriers intentionally make it easy to move a particular phone number to a competing carrier to make it easy for consumers to make a switch to a new network.

"Attackers can learn which phone numbers belong to which carriers, by learning which phone numbers are not eligible to be ported over, because they already belong to said carrier," he explained.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights