Last updated: 23 January 2024, 14:12 IST

United States of America (USA)

(Reuters) - Wall Street’s top regulator fell victim to “SIM swapping”, a technique used by internet fraudsters to gain control of telephone lines, when its account on social media platform X, formerly known as Twitter, was hacked earlier this month, the US Securities and Exchange Commission said on Monday.

The SEC also said that, six months before the attack, employees had removed an additional layer of security, known as multi-factor authentication (MFA), and did not reinstate it until after the January 9 attack.

As anticipation of the agency’s approval for exchange-traded products tracking Bitcoin grew, an unknown person or persons gained access to the account and posted a false announcement that approval had already been granted, causing a momentary surge in the cryptocurrency’s price.

In a divided vote, the Commission granted approval the following day.

SIM swapping is a technique in which attackers gain control of a telephone number by reassigning it to a new device.

“Once they took control of the phone number, the unauthorized party reset the password for the @SECGov account,” an SEC spokesperson said in a statement.

Law enforcement agencies are working to learn how the hackers got the SEC’s mobile carrier to make the switch, the SEC said, without identifying the carrier.

Lawmakers have demanded an explanation of how the SEC could leave itself exposed to such an attack while it holds publicly traded companies to tougher cybersecurity requirements.

Monday’s statement also said that, due to difficulties accessing the account, SEC staff had asked X Support in June 2023 to disable MFA, a control that could provide additional protection against unauthorized access.

“MFA is currently enabled for all SEC social media accounts that offer it,” the statement said.

A representative for X did not immediately respond to a request for comment.

US agencies set their own policies on access to social media accounts, but guidelines from the US National Institute of Standards and Technology (NIST) generally encourage the use of MFA, NIST told Reuters.

The incident is being investigated by agencies including the SEC’s Office of Inspector General and its Enforcement Division; the Commodity Futures Trading Commission, which regulates Bitcoin futures; the Federal Bureau of Investigation; the Department of Justice; and the Cybersecurity and Infrastructure Security Agency, the statement said.

(This story has not been edited by News18 staff and is published from a syndicated news agency feed – Reuters)
