The U.S. Securities and Exchange Commission (SEC) said the multi-factor authentication feature was not turned on before a fake announcement about the spot Bitcoin ETF was made.
SEC, “Although multi-factor authentication (MFA) was previously enabled on the @SECGov account in Once access was regained, MFA remained closed until staff reopened the account after it was compromised on January 9.” made the statement.
SEC’s X account was infiltrated after a phone number used in the account was compromised. X security team was in the SEC account on the date of the incident multi-factor authentication is not used explained.
According to the statement made by the institution, there is a call to the phone number in question. SIM swapping attack It was achieved thanks to In SIM swapping attacks, a phone number is transferred to the SIM card used by the hacker.
SEC, “The phone number is not accessed through the SEC’s systems. through telephone operator has been reached. SEC staff has found no evidence that the unauthorized access party gained access to the SEC’s systems, data, devices or other social media accounts.” said.
The investigation continues into how the SIM in the account was changed by the operator and how the phone number used in the account was accessed.