Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
48 replies
186 recasts
590 reactions

Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
10 replies
11 recasts
95 reactions

Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
I don't remember when I *added* the number; my guess is that it was required to sign up for twitter blue.
4 replies
2 recasts
53 reactions

Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Anyway, glad to be on farcaster, where my account recovery can be controlled by a good wholesome ethereum address :)
19 replies
71 recasts
292 reactions

aferg pfp
aferg
@aaronrferguson
Glad youโ€™re back. Sorry you got sim swapped :-( Are T-Mobile going to add some extra protection to your mobile to prevent this going forward? I am anxious that mobile companies are woefully unprepared to curtail social engineeringโ€ฆespecially if AI can simulate a speaker since many telecoms use voice for auth
1 reply
0 recast
4 reactions

โ†‘ j4ck ๐Ÿฅถ icebreaker.xyz โ†‘ pfp
โ†‘ j4ck ๐Ÿฅถ icebreaker.xyz โ†‘
@j4ck.eth
๐Ÿ‘๐Ÿ‘๐Ÿ‘
0 reply
0 recast
3 reactions

antimo ๐ŸŽฉ pfp
antimo ๐ŸŽฉ
@antimofm.eth
Welcome back
0 reply
0 recast
1 reaction

Robin A. pfp
Robin A.
@degenroot.eth
Hear hear!
0 reply
0 recast
0 reaction

Dave Pazdan pfp
Dave Pazdan
@paz
prior to this, did you tell tmobile no port, no sim swap under any circumstances on your account?
0 reply
0 recast
0 reaction

Matthew pfp
Matthew
@mpryor.eth
๐Ÿคง that was wild
0 reply
0 recast
0 reaction

Jackson ๐ŸŽฉ๐Ÿ– pfp
Jackson ๐ŸŽฉ๐Ÿ–
@jacks0n
who woulda thought a seed phrase could feel so comfy and safe
0 reply
1 recast
4 reactions

frdysk.framedl.eth pfp
frdysk.framedl.eth
@frdysk
+1 for ethereum and farcaster ๐Ÿธ
0 reply
0 recast
1 reaction

Tempe.degen ๐ŸŽฉ pfp
Tempe.degen ๐ŸŽฉ
@tempetechie.eth
Yet another reason to ditch web2 social ๐Ÿค˜
0 reply
1 recast
0 reaction

Project7 pfp
Project7
@project7
Yay! That's so true :D
0 reply
0 recast
0 reaction

okokk.base.eth pfp
okokk.base.eth
@abcd
ๅ“ๅ‘ณไธ้”™
0 reply
0 recast
0 reaction

WholesomeCrypto pfp
WholesomeCrypto
@rudy
It's all about being wholesome in crypto. Glad you recovered your number and account.
0 reply
0 recast
0 reaction

Lee pfp
Lee
@0xcyclone
Good to have you on here, Welcome
0 reply
0 recast
0 reaction

Mohamad pfp
Mohamad
@mohamad
Thatโ€™s so cool
0 reply
0 recast
0 reaction

Jeeg ๐Ÿ‘พ pfp
Jeeg ๐Ÿ‘พ
@jeeg
yes
0 reply
0 recast
0 reaction

Lukas pfp
Lukas
@lukaslevert.eth
X sucks. Long live farcaster. Also for web2 stuff in the interim, reminder for everyone else here to get some hardware security keys (Yubico). Phone 2FA is clearly too vulnerable.
0 reply
0 recast
0 reaction

dev pfp
dev
@frag.eth
Scary stuff ๐Ÿ˜ฎโ€๐Ÿ’จ maybe elon should integrate ENS too
0 reply
0 recast
0 reaction

0xCuttlefish pfp
0xCuttlefish
@0xcuttlefish
So if I'm understanding correctly, your account had a mobile number associated, but it was not enabled for 2FA, and even though you weren't using SMS 2FA the hackers were still able to take over via the mobile number? Is that correct? If so I really dislike that Twitter Blue requires a mobile number to sign up.
0 reply
0 recast
0 reaction

usamaro pfp
usamaro
@rad
have you ever tried lens? what did you like/dislike if yes?
0 reply
0 recast
0 reaction