Vitalik Buterin
@vitalik.eth
Finally got back my T-Mobile account (yes, it was a SIM swap, meaning that someone socially-engineered T-Mobile itself to take over my phone number).
Thomas
@aviationdoctor.eth
Looks like everyone dropped the ball here. X shouldn’t enable phone recovery by default, it’s an obsolete practice. T-Mobile should use PINs to thwart social engineers (we’ve known about SIM swaps for years) + special procedures for public figures who are obvious targets (flag set=call escalation, added verif).
Thomas
@aviationdoctor.eth
This isn’t even 20/20 hindsight; how to prevent exactly this type of attack is well documented by now, and virtually 100% of those hacks follow the same recipe. That’s why I’m reluctant to even give my phone number to sensitive services - even if they say otherwise, I’m worried they’ll use it for recovery.