U.S. SEC: Multi-factor authentication was disabled six months before the official Twitter account was attacked, and it has now been reactivated

The U.S. Securities and Exchange Commission (SEC) has updated its official website about the latest developments regarding the unauthorized access incident on January 9th to the SEC's official X account (@SECGov). The SEC stated: "Although multi-factor authentication (MFA) had been enabled on the X account, it was disabled in July 2023 at the request of X Support staff due to issues accessing the account. MFA remained disabled until it was re-enabled by staff after the account was stolen on January 9th. Currently, all SEC social media accounts that offer MFA have enabled MFA." The SEC also confirmed that this was indeed a "SIM swap" attack, with an unauthorized party obtaining a phone number through a telecommunications operator rather than through an SEC system.