The official Twitter account of the United States Securities and Exchange Commission (SEC) fell victim to a hacker attack due to a security vulnerability. Twitter revealed that the attack was caused by the security team not enabling two-factor authentication (2FA) on the account. This incident followed a tweet containing false information that shook the cryptocurrency markets.
In a statement on the SEC security page, it was mentioned that the attack occurred when an unidentified individual seized the phone number associated with the account. This was a SIM swap attack, a commonly known technique. The attacker likely convinced a third-party telecommunications provider to hand over control of the phone number associated with the SEC account.
Following the incident, the SEC stated in a post-event announcement, “Based on our investigation, the breach did not originate from SEC systems but occurred due to an unidentified individual taking control of a phone number associated with @SECGov through a third party.”
This security vulnerability led to the publication of a tweet containing false information, namely the approval of a spot Bitcoin exchange-traded fund (ETF), on the SEC’s official social media account. U.S. Senators J.D. Vance and Thom Tillis criticized the SEC for operational security shortcomings and requested a statement regarding the incident.
CNBC says "X was hacked", this is not a true statement.
— Christopher Stanley (@cstanley) January 10, 2024
In the senators’ letter, it was stated, “These developments raise serious concerns about the Commission’s internal cybersecurity procedures and are contrary to the Commission’s triple mission to protect investors.”
Tesla CEO Elon Musk, who owns X, also made a statement on CNBC regarding the matter, criticizing the traditional media’s reporting style and emphasizing that SEC’s internal systems were not compromised.
While this incident has seriously damaged the reputation of the SEC, it has also raised concerns about its ability to protect investors. In response to calls for transparency, a number of members of Congress called for the incident to be officially investigated.
To prevent similar attacks in the future, experts suggest enabling two-factor authentication on all online accounts, using strong passwords, regularly changing passwords, and providing cybersecurity training to employees.
It is expected that the SEC will thoroughly investigate the incident and take preventive measures.