Vitalik Buterin
@vitalik.eth
Finally got back my T-Mobile account (yes, it was a SIM swap, meaning that someone socially engineered T-Mobile itself to take over my phone number).

Thomas
@aviationdoctor.eth
Looks like everyone dropped the ball here. X shouldn’t enable phone recovery by default, it’s an obsolete practice. T-Mobile should use PINs to thwart social engineers (we’ve known about SIM swaps for years) + special procedures for public figures who are obvious targets (flag set=call escalation, added verif).

Thomas
@aviationdoctor.eth
This isn’t even 20/20 hindsight; how to prevent exactly this type of attack is well documented by now, and virtually 100% of those hacks follow the same recipe. That’s why I’m reluctant to even give my phone number to sensitive services - even if they say otherwise, I’m worried they’ll use it for recovery.

3NUM
@3num
T-Mobile actually does use PINs (in the US). Unfortunately, more and more of the hacks happen as a result of bribing/coercing a telco employee, in which case a SIM PIN is useless, as they can simply re-assign a number at their discretion.