Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
54 replies
141 recasts
567 reactions

Vitalik Buterin
@vitalik.eth
Main learning re twitter was:

> A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter.

I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
11 replies
15 recasts
104 reactions

Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
4 replies
3 recasts
60 reactions

Vitalik Buterin
@vitalik.eth
Anyway, glad to be on farcaster, where my account recovery can be controlled by a good wholesome ethereum address :)
24 replies
82 recasts
335 reactions

j4ck • icebreaker
@j4ck.eth
👏👏👏
0 reply
0 recast
6 reactions

accountless.eth
@accountless.eth
thank you for sharing. that dank sharping post was pretty good. i clicked the link.
0 reply
0 recast
5 reactions

antimo — q/dau
@antimofm.eth
Welcome back
0 reply
0 recast
2 reactions

Aaron Ferguson
@aaronrferguson.eth
Glad you’re back. Sorry you got sim swapped :-( Are T-Mobile going to add some extra protection to your mobile to prevent this going forward? I am anxious that mobile companies are woefully unprepared to curtail social engineering…especially if AI can simulate a speaker since many telecoms use voice for auth
1 reply
2 recasts
9 reactions

Jackson
@jacks0n
who woulda thought a seed phrase could feel so comfy and safe
0 reply
1 recast
8 reactions

0xCuttlefish
@0xcuttlefish
So if I'm understanding correctly, your account had a mobile number associated, but it was not enabled for 2FA, and even though you weren't using SMS 2FA the hackers were still able to take over via the mobile number? Is that correct? If so I really dislike that Twitter Blue requires a mobile number to sign up.
0 reply
1 recast
3 reactions

frdysk
@fufuprophet.eth
+1 for ethereum and farcaster 🍸
0 reply
0 recast
3 reactions

Mocaverse💼🪐
@mocaversenft
Glad to meet you here!
0 reply
0 recast
3 reactions

Matthew
@mpryor.eth
🤧 that was wild
0 reply
0 recast
2 reactions

Tempe Techie
@tempetechie.eth
Yet another reason to ditch web2 social 🤘
0 reply
0 recast
2 reactions

usamaro
@rad
have you ever tried lens? what did you like/dislike if yes?
0 reply
0 recast
2 reactions

Po
@thepanda
Welcome to the World of Decentralised! 🤟
0 reply
0 recast
2 reactions

Dave Pazdan
@paz
prior to this, did you tell tmobile no port, no sim swap under any circumstances on your account?
0 reply
0 recast
2 reactions

dev
@vscode.eth
Scary stuff 😮‍💨 maybe elon should integrate ENS too
0 reply
0 recast
2 reactions

Lukas
@lukaslevert
X sucks. Long live farcaster. Also for web2 stuff in the interim, reminder for everyone else here to get some hardware security keys (Yubico). Phone 2FA is clearly too vulnerable.
0 reply
0 recast
2 reactions

Basq
@jeeg
yes
0 reply
0 recast
2 reactions