Unlonely

tldr; i got sim-swapped yesterday

first noticed our unlonely_app twitter getting hacked. attackers bought similar unlonely dot xyz or unlonely dot claim domains and copied our landing page. luckily, we caught this early and were able to prevent further losses for users.

Sorry this happened to Brian.

For everyone: Authy is security theater and not a real product. 

Replace SMS 2FA with a 2FA tool backed up by…SMS 2FA??

Delete that app and use something else.

Sorry this happened to Brian.

For everyone: Authy is security theater and not a real product. 

Replace SMS 2FA with a 2FA tool backed up by…SMS 2FA??

Delete that app and use something else. https://twitter.com/kylemccollom/status/1606753234315517952

summoning /daylight | kylemccollom.com | we are hiring: careers.daylight.xyz

software engineer and onchain craftsperson

man i am praying 1password stays safe but should probably get a yubikey

With Authy, if someone has access to your phone number they can access all your 2FA codes? No need to login to anything else (eg iCloud)?

In any case that's wild, really sorry to hear about this!

https://warpcast.com/colin/0x7c33501e

Yeah that's absolutely wild - had no idea that was possible. Just seems so stupid you can access 2FA codes via SMS, defeats the entire purpose of non-SMS-based 2FA imo

seems to be a common issue, even GitHub doesn't allow you to remove normal TOTP auth if you have a hardware key added - no where near as bad as SMS but still...

1Password ftw - sorry you’re dealing with this Brian.