SECGov X Account
On Tuesday, January 9, 2024, the SEC’s @SECGov X account was compromised. SEC staff are coordinating with appropriate law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, amongst others, in their investigations into the unauthorized activity.
The agency will provide updates on the incident as appropriate on this page.
- January 22, 2024: Statement by an SEC Spokesperson to the Media
- January 12, 2024: Statement by Chair Gary Gensler on Unauthorized Access to the SEC’s @SECGov X.com Account
- January 10, 2024: Statement by an SEC Spokesperson to the Media
- January 9, 2024: Statement by an SEC Spokesperson to the Media
- January 9, 2024: Statement by an SEC Spokesperson to the Media
January 22, 2024: Statement by an SEC Spokesperson to the Media:
We are providing the following update on the January 9, 2024, unauthorized access and activity (the “incident”) on the @SECGov X account:
SEC staff are continuing to coordinate with several law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Commodity Futures Trading Commission, the Department of Justice, and the SEC’s own Division of Enforcement.
Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent “SIM swap” attack. SIM swapping is a technique used to transfer a person’s phone number to another device without authorization, allowing the unauthorized party to begin receiving voice and SMS communications associated with the number. Access to the phone number occurred via the telecom carrier, not via SEC systems. SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.
Once in control of the phone number, the unauthorized party reset the password for the @SECGov account. Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account.
While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account. Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9. MFA currently is enabled for all SEC social media accounts that offer it.
January 12, 2024: Statement by Chair Gary Gensler on Unauthorized Access to the SEC’s @SECGov X.com Account
Based on current information, staff understands that, shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized party gained access to the @SECGov X.com account by obtaining control over the phone number associated with the account. The unauthorized party made one post at 4:11 pm ET purporting to announce the Commission’s approval of spot bitcoin exchange-traded funds, as well as a second post approximately two minutes later that said “$BTC.” The unauthorized party subsequently deleted the second post, but not the first. Using the @SECGov account, the unauthorized party also liked two posts by non-SEC accounts. While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.
Upon becoming aware of the incident, staff in the Office of Public Affairs posted to the official @garygensler X.com account at 4:26 pm ET, alerting the public that the @SECGov account had been compromised, an unauthorized post was made, and the Commission had not approved the listing and trading of spot bitcoin exchange-traded products. Staff deleted the first unauthorized post on the @SECGov account, un-liked the two liked posts, and, at 4:42 pm ET, made a new post on the @SECGov account stating that the account had been compromised. Staff also reached out to X.com for assistance in terminating the unauthorized access to the @SECGov account. Based on information currently available, staff believe that the unauthorized access to the account was terminated between 4:40 pm ET and 5:30 pm ET.
The SEC takes its cybersecurity obligations seriously. Commission staff are still assessing the impacts of this incident on the agency, investors, and the marketplace but recognize that those impacts include concerns about the security of the SEC’s social media accounts. The staff also will continue to assess whether additional remedial measures are warranted.
Staff are coordinating with appropriate law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, amongst others, in their investigations. The agency will provide updates on the incident as appropriate. Importantly, the Commission makes its actions public on the Commission’s website, http://www.sec.gov. The Commission does not use social media channels to make its actions public; social media posts only amplify announcements that are made on our website.
January 10, 2024: Statement by an SEC Spokesperson to the Media:
We are providing the following update as it relates to the unauthorized access and activity on the @SECGov X.com account:
- The SEC continues to investigate the matter and is coordinating with appropriate law enforcement entities, including the SEC’s Office of the Inspector General and the FBI.
- The unauthorized content on the @SECGov account was not drafted or created by the SEC.
- We will provide updates on the incident as appropriate.
- Consistent with existing practice, any Commission action on exchange rule filings would be posted on the relevant section of the SEC’s website at https://www.sec.gov/ and then in the Federal Register. As always, that would be the first public indication of a Commission’s action.
January 9, 2024: Statement by an SEC Spokesperson to the Media:
The SEC has determined that there was unauthorized access to and activity on the @SECGov x.com account by an unknown party for a brief period of time shortly after 4 pm ET. That unauthorized access has been terminated. The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct.
January 9, 2024: Statement by an SEC Spokesperson to the Media:
The SEC’s @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff.
2024 年 1 月 22 日:SEC 发言人向媒体发表的声明:
我们针对 2024 年 1 月 9 日 @SECGov X 帐户上未经授权的访问和活动(“事件”)提供以下最新信息:
SEC 工作人员正在继续与多个执法和联邦监督实体进行协调,包括 SEC 监察长办公室、联邦调查局、国土安全部网络安全和基础设施安全局、商品期货交易委员会、司法部,以及 SEC 自己的执法部门。
事件发生两天后,经与 SEC 的电信运营商协商,SEC 确定未经授权方通过明显的“SIM 交换”攻击获得了与该账户关联的 SEC 手机号码的控制权。 SIM 交换是一种在未经授权的情况下将某人的电话号码转移到另一台设备的技术,允许未经授权的一方开始接收与该号码相关的语音和 SMS 通信。电话号码的访问是通过电信运营商进行的,而不是通过 SEC 系统。 SEC 工作人员尚未发现任何证据表明未经授权方访问了 SEC 系统、数据、设备或其他社交媒体帐户。
一旦控制了电话号码,未经授权的一方就会重置 @SECGov 帐户的密码。除此之外,执法部门目前正在调查未经授权的一方如何让运营商更改该帐户的 SIM 卡,以及该方如何知道哪个电话号码与该帐户关联。
虽然之前已在 @SECGov X 帐户上启用了多重身份验证 (MFA),但由于访问该帐户出现问题,X 支持应工作人员的要求于 2023 年 7 月禁用了多重身份验证 (MFA)。重新建立访问权限后,MFA 一直处于禁用状态,直到 1 月 9 日帐户被盗后工作人员重新启用它。目前,所有提供 MFA 的 SEC 社交媒体帐户均已启用 MFA。
发表回复