The SEC has confirmed its account was compromised by a Sim swap attack.
This is when someone fraudulently gets a mobile phone carrier to apply an existing telephone number to a new Sim card.
In this case, the alleged perpetrator is accused of creating a fake ID with the details of an SEC employee which were passed on to him by co-conspirators.
He is then alleged to have used these details to get the employee’s mobile number transferred to a new Sim.
Co-conspirators are alleged to have used access codes sent to the phone to login to the SEC’s X account.
This was made easier due to a lack of adequate protection on the account.
SEC staff had asked X in July 2023 to suspend multi-factor authentication (MFA), a security measure used to help verify the person logging in.
It subsequently re-enabled MFA after the hack.
Eric Council Jr is charged with one count of conspiracy to commit aggravated identity theft and access device fraud.
If found guilty, he could face up to five years in prison.
Source:
www.bbc.com
Source link
