SEC confirms X account was hacked in SIM swapping attack

The U.S. SEC's official X account was hijacked through a SIM-swap of the phone number associated with the account, enabling attackers to reset the password and publish a false Bitcoin ETF approval; the SEC reports no internal systems or data were accessed. The incident highlights risks from SMS-based multi-factor authentication and recommends using authentication apps or hardware security keys to mitigate SIM-swap risks.