The US Securities and Exchange Commission’s (SEC) presence on X, formerly Twitter, faced a security breach yesterday. An unidentified actor compromised the SEC’s account, prompting the regulatory body to initiate an investigation in collaboration with law enforcement.
On January 9, hackers successfully took control of the SEC’s account and disseminated a false message on the agency’s social media platform. The misleading post claimed the approval of exchange-traded funds (ETFs). Despite being deleted within 20 minutes, the post garnered over 1 million views.
X acknowledged the security breach, attributing it to an “unidentified individual” who gained access to a phone number linked to the X account. This incident is the latest in a series of high-profile compromises affecting X accounts.
After the attack, the SEC posted again, saying that its account had been hacked.
Summary
Victim – U.S. Securities and Exchange Commission
Attacker – Not identified yet.
Attack type – Password compromise.
When: The breach was discovered on January 09, 2024.
Damage/Compromised data – A tweet with misleading information about bitcoin.
Reasons for Easy Hack – Poor password usage, and no 2FA was configured for the account.
Lessons from this Hack – Use strong passwords for your accounts and use MFA whenever you can.