Security flaw exposed the official account of the SEC on X

X’s security team recently revealed that the US Securities and Exchange Commission (SEC) had not enabled two-factor authentication (2FA) on its main account.

X’s security team recently revealed that the US Securities and Exchange Commission (SEC) had failed to enable two-factor authentication (2FA) on its main X account. This omission resulted in a hacker accessing it, creating an embarrassing situation for the SEC.

The incident, which rocked the cryptocurrency markets, stemmed from a fake Bitcoin ETF approval published from the official SEC account on X.

On January 10, X’s security account (Safety) reported that the hack of the SEC account was due to a “SIM swap” attack. In this type of attack, an unidentified actor took control of the phone number associated with the SEC’s account and used it to access its official X page.

The X security team confirmed that the @SECGov account was compromised and that, following a preliminary investigation, it was determined that the attack was not due to a breach in X’s systems. Instead, it was the result of an unidentified individual gaining control of the phone number associated with the @SECGov account through a third party. In addition, they confirmed that the account did not have two-factor authentication enabled at the time of the compromise.

SIM swapping is an identity theft technique in which the attacker gains control over a victim’s phone number. This allows the attacker to access the victim’s social media, bank and cryptocurrency accounts.

In this case, it is likely that the hacker persuaded an external telecommunications provider to transfer control of the phone number linked to the SEC account. If the hacker also knew the email address associated with the account, they could use the phone number to reset the password and gain access.

ZachXBT, a blockchain investigator, used the occasion to ironically recall on Twitter, in response to X’s original security post, the social media security tips previously given by Gary Gensler, chair of the SEC.

K. Tovar

Source: Cointelegraph
