US’ SEC disables MFA, falls to fraud attack

A pair of events, one nefarious and the other seemingly innocuous, allegedly combined to allow the takeover of a U.S. government regulator’s X account.

Someone reportedly was able to perform a SIM swap on a Securities and Exchange Commission phone account January 9.

Complicating the situation, SEC staff in July decided to temporarily disable multi-factor authentication on the agency’s X account to deal with problems staff were having accessing the account.

MFA was not restored until after the January 9 …

access control account attack biometrics news cybersecurity events exchange fraud government january july mfa multi-factor authentication phone sec securities securities and exchange commission sim sim swap social media staff takeover u.s. government x (twitter)