The Securities and Exchange Commission (SEC) has confirmed that its account on the social network X was hacked earlier this year. The security breach, which occurred in January, involved a type of attack known as SIM swapping. It was discovered that the SEC account did not have multifactor authentication in place.
An internal investigation conducted by the SEC revealed that unauthorized access to the agency’s phone number, which was linked to the X account, was obtained through SIM swapping. In this attack, the attacker gains control over a cell phone number by convincing the mobile operator to transfer the number to a SIM card the attacker controls. Once the attacker has control over the victim’s phone number, they can use it to reset passwords and gain access to the victim’s accounts.
After gaining control over the phone number associated with the SEC account, the attacker was able to reset the account’s password and obtain unauthorized access.
X is a social network where users can publish public messages and communicate with others. It has a large global audience and is one of the top 10 most visited sites on the internet.
It is important to note that X is currently prohibited in Russia due to repeated violations of legislation.