Password found in data breach

frm

Well-known member
Chrome just threw this error out to me:



Was XF compromised? Anybody else have this issue with saved passwords here?

My PayPal one was as well...
 
There's a ton of stuff on this:

The most recent of which was the Reddit Trump hack where the hackers used this or completely breached the system:
In both examples, it applies only to SMS-based MFA. If one uses a soft token MFA, or a hardware-based MFA, it doesn't apply.
 
Funny enough the first article has this listed MORE ARTICLES


I've heard of a few YouTubers whose phones were compromised from fraudsters tricking mobile provider employees into replacing the SIM card. Account passcodes on your mobile provider could help with this aspect of it.
 
Put your email address into here, it will tell you how many times it's been detected in big data breaches, it will also tell you which hack it was.


You can also type the password into this page and it will tell you how many times that password shows up in all the database leaks they have on file, but it won't tell you which one.


The site is run by a well-known security researcher, Troy Hunt, so it's safe to use. I believe Firefox uses the site's API for its built-in password breach detection.
 
There's a ton of stuff on this:

The most recent of which was the Reddit Trump hack where the hackers used this or completely breached the system:

I think the confusion here is you said "Faked", the first article there talks about the Phone being stolen or the SIM hijacking, or more specifically; phone number stealing.

This happened to some people I know where they had their phone numbers in process or completely transferred from their provider to another, so someone can use their SMS to get into their 2FA services; banks, etc.

But it doesn't mean 2FA is a useless security layer, it helps stop anyone from bruteforcing. For someone to physically steal your phone, they would have to be someone specifically targeting you; knowing your login IDs already.

As for the 'SMS' jacking aka Phone number stealing; speak to your phone carriers. I've enabled voice identification to first authenticate speaking to them, and the second one is 2 ID approval, in order to approve transferring the phone number from 1 carrier to another. So let's say someone were to call in with all my private information to impersonate me and request to steal my phone number; they'll be asked to visit a local store with 2 pieces of government issued IDs to confirm & authorize the transfer. This would be assuming they can get past voice authentication.

Is it 100% bullet proof? Nah, but at least it makes it that much more difficult for the people trying it.
 
I think the confusion here is you said "Faked", the first article there talks about the Phone being stolen or the SIM hijacking, or more specifically; phone number stealing.
Probably right. I was pretty tired when I wrote that and figured faked would be equated to SIM cloning or social engineering to get a phone company to do it... in other words, faked.

As far as the PIN is concerned, I don't even wanna believe that's close to 100% with the people I've personally known in high school working these call centers (anecdotal). I'm sure you could always tweedle around with someone and maybe dig up a maiden name to bypass that. If it doesn't work, rinse and repeat on the same person or user and your goal is 100% complete with just a few failures.
 
Probably right. I was pretty tired when I wrote that and figured faked would be equated to SIM cloning or social engineering to get a phone company to do it... in other words, faked.

As far as the PIN is concerned, I don't even wanna believe that's close to 100% with the people I've personally known in high school working these call centers (anecdotal). I'm sure you could always tweedle around with someone and maybe dig up a maiden name to bypass that. If it doesn't work, rinse and repeat on the same person or user and your goal is 100% complete with just a few failures.
If it's a password and a PIN, that's not two factor/multifactor authentication. That's two step/multistep authentication.
 