US Regulator Acknowledges Cybersecurity Failure Prior to Unauthorized Bitcoin Announcement

The US Securities and Exchange Commission (SEC) has revealed that a key security measure on its X account was suspended for six months when hackers made a fake post about Bitcoin in January. The SEC did not have multi-factor authentication (MFA) in place at the time of the hack, which allowed the hackers to gain access to the account. Cyber-security experts have called on other governmental agencies to review the security of their social network accounts in light of this incident. The SEC confirmed that the account was compromised through a sim-swapping attack, where a fraudster convinced a mobile operator to transfer an SEC employee’s phone number to a new sim. The hacker was then able to reset the password, log in, and make the fake post about Bitcoin. The SEC has since enabled MFA on all its social media accounts that offer it.