SEC Twitter Account Hacked Using SIM Swapping Technique: A Detailed Account

The US Securities and Exchange Commission (SEC) recently fell victim to a cyber attack when hackers employed a SIM swapping technique to gain control over its social media account. This article provides a comprehensive overview of the hack, including the events leading up to it, the methods employed by the hackers, the response from the SEC, and the ongoing investigation.

The Hacked Announcement

On January 9, a tweet from the @SECGov Twitter account announced the approval of a highly anticipated bitcoin exchange-traded fund (ETF). However, SEC Chairman Gary Gensler promptly responded on his personal account, confirming that the SEC’s account had been compromised and that the announcement was false.

Timeline of the Hack

The unauthorized access to the SEC’s Twitter account occurred shortly after 4:00 pm ET on January 9th. Upon identifying the incident, the SEC staff took immediate action by deleting the hackers’ post, acknowledging the breach, and contacting Twitter (formerly known as X) to terminate the unauthorized access.

SIM Swapping Method Used

In a Monday update, the SEC disclosed that the hackers employed a SIM swapping technique to gain control over the @SECGov account. The attackers manipulated the telecom carrier into transferring the phone number associated with the account to a SIM card in their possession. With the compromised phone number, the hackers were able to reset the password for the Twitter account.

Disabled Multi-Factor Authentication (MFA)

Investigations into the incident revealed that multi-factor authentication (MFA) had been disabled for the @SECGov account by X support since July 2023. It was disabled due to previous issues faced by SEC staff in accessing the account. The lack of MFA became a vulnerability exploited by the hackers during the attack.

The SEC emphasized that the hack did not occur through its own systems, and there is no evidence to suggest that the attackers gained access to SEC systems, data, devices, or any other social media accounts. This indicates that the breach was limited to the Twitter account and did not compromise the agency’s internal network.

Collaboration with Law Enforcement

Immediately following the incident, the SEC contacted law enforcement and has been fully cooperating in the ongoing investigation. The authorities are working to determine how the unauthorized party convinced the telecom carrier to change the SIM associated with the account and how they obtained knowledge of the associated phone number.

Investigation Focus

The primary focus of the investigation is to uncover the methods employed by the hackers to manipulate the telecom carrier and change the SIM card linked to the SEC’s Twitter account. Additionally, investigators are working to determine how the attackers were able to identify the specific phone number associated with the account.

The recent hacking of the SEC’s Twitter account using the SIM swapping technique highlights the growing sophistication of cybercriminals and the need for stringent cybersecurity measures. Despite the breach, the SEC has confirmed that its internal systems and data remain secure. The incident serves as a reminder for organizations to prioritize the protection of their social media accounts, even if they are not directly linked to their internal networks. By collaborating with law enforcement and taking appropriate actions, the SEC is actively working to identify and bring the hackers to justice.

Explore more

Why Should Leaders Invest in Employee Career Growth?

In today’s fast-paced business landscape, a staggering statistic reveals the stakes of neglecting employee development: turnover costs the median S&P 500 company $480 million annually due to talent loss, underscoring a critical challenge for leaders. This immense financial burden highlights the urgent need to retain skilled individuals and maintain a competitive edge through strategic initiatives. Employee career growth, often overlooked

Making Time for Questions to Boost Workplace Curiosity

Introduction to Fostering Inquiry at Work Imagine a bustling office where deadlines loom large, meetings are packed with agendas, and every minute counts—yet no one dares to ask a clarifying question for fear of derailing the schedule. This scenario is all too common in modern workplaces, where the pressure to perform often overshadows the need for curiosity. Fostering an environment

Embedded Finance: From SaaS Promise to SME Practice

Imagine a small business owner managing daily operations through a single software platform, seamlessly handling not just inventory or customer relations but also payments, loans, and business accounts without ever stepping into a bank. This is the transformative vision of embedded finance, a trend that integrates financial services directly into vertical Software-as-a-Service (SaaS) platforms, turning them into indispensable tools for

DevOps Tools: Gateways to Major Cyberattacks Exposed

In the rapidly evolving digital ecosystem, DevOps tools have emerged as indispensable assets for organizations aiming to streamline software development and IT operations with unmatched efficiency, making them critical to modern business success. Platforms like GitHub, Jira, and Confluence enable seamless collaboration, allowing teams to manage code, track projects, and document workflows at an accelerated pace. However, this very integration

Trend Analysis: Agentic DevOps in Digital Transformation

In an era where digital transformation remains a critical yet elusive goal for countless enterprises, the frustration of stalled progress is palpable— over 70% of initiatives fail to meet expectations, costing billions annually in wasted resources and missed opportunities. This staggering reality underscores a persistent struggle to modernize IT infrastructure amid soaring costs and sluggish timelines. As companies grapple with