The X Safety team has revealed that the United States Securities and Exchange Commission did not have two-factor authentication (2FA) enabled on its main X account, allowing a hacker to gain access to its account. 

The embarrassing revelation for the SEC comes immediately following a security breach that rocked crypto markets with a false confirmation of a spot Bitcoin ETF from the SEC’s official account on the social media platform.

In a Jan. 10 post, X’s Safety page wrote that the SEC hack occurred as a result of an unidentified actor gaining control of the phone number associated with the account and using that to gain access to the SEC’s official X page. This is more commonly known as a SIM swap hack.

“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party,” wrote X Safety.

“We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”

Blockchain sleuth ZachXBT took the opportunity to repackage SEC Chair Gary Gensler’s own previous advice on social media security in a humorous comment made in response to the original X Safety post. 

X’s owner and Tesla CEO Elon Musk took the opportunity to push back on an earlier claim that the SEC hack may have resulted from a breach of X’s own internal systems.

“That’s how legacy media runs,” said Musk.

https://twitter.com/elonmusk/status/1744884907493453882?s=20

This is a developing story, and further information will be added as it becomes available.