U.S. SEC: The theft of X account was due to a SIM card swap attack, and multi-factor authentication has been restarted

ChainCatcher News, the U.S. Securities and Exchange Commission (SEC) has updated its official website regarding the latest developments on the unauthorized access incident involving the SEC's official X account (@SECGov) on January 9. The SEC stated: "Although multi-factor authentication (MFA) was previously enabled on the X account, it was disabled at the request of staff in July 2023 due to issues accessing the account. MFA remained disabled until staff re-enabled it after the account was compromised on January 9. Currently, all SEC social media accounts that offer MFA have it enabled."

The SEC also stated that this was indeed a "SIM swap" attack, where an unauthorized party obtained the phone number through a telecommunications provider rather than the SEC's systems.