SEC Twitter Account Hacked Using SIM Swapping Technique: A Detailed Account

The US Securities and Exchange Commission (SEC) recently fell victim to a cyber attack when hackers employed a SIM swapping technique to gain control over its social media account. This article provides a comprehensive overview of the hack, including the events leading up to it, the methods employed by the hackers, the response from the SEC, and the ongoing investigation.

The Hacked Announcement

On January 9, a tweet from the @SECGov Twitter account announced the approval of a highly anticipated bitcoin exchange-traded fund (ETF). However, SEC Chairman Gary Gensler promptly responded on his personal account, confirming that the SEC’s account had been compromised and that the announcement was false.

Timeline of the Hack

The unauthorized access to the SEC’s Twitter account occurred shortly after 4:00 pm ET on January 9th. Upon identifying the incident, the SEC staff took immediate action by deleting the hackers’ post, acknowledging the breach, and contacting Twitter (formerly known as X) to terminate the unauthorized access.

SIM Swapping Method Used

In a Monday update, the SEC disclosed that the hackers employed a SIM swapping technique to gain control over the @SECGov account. The attackers manipulated the telecom carrier into transferring the phone number associated with the account to a SIM card in their possession. With the compromised phone number, the hackers were able to reset the password for the Twitter account.

Disabled Multi-Factor Authentication (MFA)

Investigations into the incident revealed that multi-factor authentication (MFA) had been disabled for the @SECGov account by X support since July 2023. It was disabled due to previous issues faced by SEC staff in accessing the account. The lack of MFA became a vulnerability exploited by the hackers during the attack.

The SEC emphasized that the hack did not occur through its own systems, and there is no evidence to suggest that the attackers gained access to SEC systems, data, devices, or any other social media accounts. This indicates that the breach was limited to the Twitter account and did not compromise the agency’s internal network.

Collaboration with Law Enforcement

Immediately following the incident, the SEC contacted law enforcement and has been fully cooperating in the ongoing investigation. The authorities are working to determine how the unauthorized party convinced the telecom carrier to change the SIM associated with the account and how they obtained knowledge of the associated phone number.

Investigation Focus

The primary focus of the investigation is to uncover the methods employed by the hackers to manipulate the telecom carrier and change the SIM card linked to the SEC’s Twitter account. Additionally, investigators are working to determine how the attackers were able to identify the specific phone number associated with the account.

The recent hacking of the SEC’s Twitter account using the SIM swapping technique highlights the growing sophistication of cybercriminals and the need for stringent cybersecurity measures. Despite the breach, the SEC has confirmed that its internal systems and data remain secure. The incident serves as a reminder for organizations to prioritize the protection of their social media accounts, even if they are not directly linked to their internal networks. By collaborating with law enforcement and taking appropriate actions, the SEC is actively working to identify and bring the hackers to justice.

Explore more

Can a Unified ERP System Future-Proof Levi Strauss?

Establishing a seamless digital environment for a brand that spans over a hundred nations is a monumental undertaking that requires more than just standard software updates. Currently, Levi Strauss & Co. is navigating a profound transformation of its digital infrastructure, aiming for a mid-2027 completion of a fully integrated global enterprise resource planning system. This strategic overhaul is not merely

Ethereum Faces $10 Billion Liquidation Risk Near $2,000

The current trajectory of Ethereum suggests a massive collision between aggressive retail speculation and sophisticated institutional sell-side pressure as the asset hovers near the $2,000 psychological threshold. This specific price point has historically served as a pivot for broader market sentiment, influencing the behavior of various decentralized finance protocols and secondary layer-two scaling solutions. Currently, the market exhibits a state

ClickLock Malware Coerces macOS Users to Surrender Passwords

Traditional macOS security architectures have long been celebrated for their robust sandboxing and gated execution, yet a new strain of malware is proving that the human element remains the most vulnerable entry point in any digital ecosystem. This threat, known as ClickLock, has emerged as a particularly aggressive evolution in the macOS threat landscape by prioritizing psychological pressure and social

Stalled Windows 11 Migration Poses Growing Security Risks

The global landscape of enterprise computing is currently grappling with a persistent digital divide as a significant segment of users continues to rely on Windows 10 despite the availability of more secure alternatives. The current ecosystem of digital infrastructure remains tethered to legacy architecture, with recent telemetry indicating that approximately one in six workstations worldwide continues to operate on Windows

How Is OpenAI Redefining AI With Precision Engineering?

The shift from experimental conversationalists to precise engineering tools has fundamentally altered the landscape of digital productivity and high-performance computing in 2026. This transition is marked by a move away from the early excitement surrounding generative models toward a rigorous framework centered on deep optimization and granular control. OpenAI has spearheaded this movement with the introduction of the GPT-5.6 Sol