Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
48 replies
75 recasts
388 reactions
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
10 replies
11 recasts
96 reactions
Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
4 replies
2 recasts
35 reactions
Vitalik Buterin
@vitalik.eth
Anyway, glad to be on farcaster, where my account recovery can be controlled by a good wholesome ethereum address :)
19 replies
47 recasts
240 reactions
aferg
@aaronrferguson.eth
Glad you’re back. Sorry you got sim swapped :-( Are T-Mobile going to add some extra protection to your mobile to prevent this going forward? I am anxious that mobile companies are woefully unprepared to curtail social engineering…especially if AI can simulate a speaker since many telecoms use voice for auth
1 reply
0 recast
4 reactions
Vitalik Buterin
@vitalik.eth
yeah I added all kinds of hardening to the account itself, and to various other apps
3 replies
2 recasts
22 reactions
aferg
@aaronrferguson.eth
Good! I called my telco awhile ago and the agent didn’t know about sim swapping, or if they had a policy on how to help make someone’s account less at-risk for swaps 😩
0 reply
0 recast
0 reaction