The Reddit security team said the hack took place after the intruder(s) took over subreddit moderator accounts. Several moderators have also come forward to admit that their accounts have been hacked and that they did not use two-factor authentication.
Isn't this the same way Twitter was hacked?
For increased security, all passwords have been upgraded to [email protected]
Accounts that had 2FA enabled were hacked on Twitter. The Twitter hacker used social engineering to get Twitter employees to temporarily change the email addresses of each account.
Wait a minute.
How does just an e-mail change let them get past 2-factor authentication?
The 2nd Authenticator (meaning the email that is received upon logging on) was redirected to the hacker's email. I'm unsure if he did this with all the accounts, or even if that was all he did. I'm sure there were more steps, but that was the general idea. The point is that 2FA isn't unbeatable.
When did they change what social engineering means? I'm not convinced they did but you and Tim Pool use it the same way. You guys seem to use it as a stand-in for catfishing when no romance is involved. It used to mean brainwashing people subliminally.
It's been used this way for years to describe manipulating passwords out of people. Like at least as far back as the early 2000s.
And 'racism' has been used just as long to describe a color blind meritocracy, that doesn't make it correct.
and the DNC...lol
Twitter was actually somewhat legitimately hacked.
They got an insider to give them access to the admin control panel and then started changing the email addresses of checkmarks so they could request a password change.
But then that makes me wonder how they got into accounts that had 2-factor authentication.
I read somewhere the compromised mod accounts on Twitter had two-factor authentication set up, but had chosen 2FA via SMS.
I am not an expert. But, IMO, any authentication methodology that utilizes such insecure protocols to deliver information is inherently flawed.
I have always felt that way about 2FA via SMS though.
I use an app on my phone that gives me rolling codes for all my sites. Highly recommend using one.
If you go this route, pay no mind to the type of 2FA app the site recommends, or outright says you need to use. You don't need to use Google or Microsoft's authenticator. If you see a QR code to add 2FA to your account, your authentication app will most likely work, IME.
I use AndOTP for Android but am looking to switch to an open source option I watched The Hated One on YT mention the other day. Not sure which one it was but if you are looking to stay anonymous online and secure you'd be well served to watch a few of his most-watched videos. The guy is sage and brings the goods.