Twitter: SEC’s Account Hijacked in SIM Swap Attack

3 mins read
Twitter: SEC's Account Hijacked in SIM Swap Attack

How did a hacker who used a SIM-swap attack to gain control of a phone number associated with the @SECGov account gain access to the Securities and Exchange Commission’s Twitter account?

Twitter’s Security team clarified that the account compromise was not the result of a breach in Twitter’s systems, but was done by an unidentified individual who gained control of a phone number associated with the @SECGov account through a third party.



Twitter also confirmed that the compromised account did not have two-factor authentication enabled at the time.

The company didn’t identify the third party. But it looks like the hacker learned which phone number was registered to @SECGov. They then probably manipulated a cellular provider into giving up access to the phone number via a SIM swap. In these scenarios, the carrier clones the mobile phone number to a new SIM card, which is then placed in the hacker’s phone.  

Read:  KAAN Dünyayı Şaşırtmaya Devam Ediyor: Global Basından Övgü Yağdı!

SIM-swapping attacks can be devastating since many online accounts will send password-reset codes to the owner’s mobile phone number. This has allowed cybercriminals to take over cryptocurrency accounts, as well as Twitter accounts. In 2019, former Twitter CEO Jack Dorsey suffered a SIM swap that resulted in hackers posting racist comments on his account. 

Tuesday’s hijacking of the SEC’s account shows that SIM-swapping attacks are more than just PR headaches. The hacker used @SECGov to fraudulently claim that the federal regulator had cleared Bitcoin ETFs (Exchange-Traded funds) for all national securities exchanges. This sent the price of Bitcoin soaring on Tuesday. But the value abruptly plummeted after SEC Chair Gary Gensler warned the public that the @SECGov account had been compromised. 

The hijacking has since caused embarrassment for the SEC, especially since Gensler himself published a tweet back in October urging users to implement multi-factor authentication. At the same time, US lawmakers are demanding answers for how the hack occurred

Read:  Şaşırtıcı Keşif: Afrika'da Ördek Gagalı Dinozor Fosil Bulundu!

FİKRİKADİM

The ancient idea tries to provide the most accurate information to its readers in all the content it publishes.

Leave a Reply

Your email address will not be published.

Comment moderation is enabled. Your comment may take some time to appear.