Vitalik Buterin
@vitalik.eth
Finally got back my T-Mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-Mobile itself to take over my phone number).
27 replies
95 recasts
441 reactions

Vitalik Buterin
@vitalik.eth
Main learning re Twitter was:
> A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter.
I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
7 replies
12 recasts
77 reactions

Garrett 🎩↑ᖽ
@garrett
Why aren’t you using an authenticator app or security key?
1 reply
0 recast
2 reactions

phil @ farcon
@phil
Sorry that happened to you. Glad that the damage was mitigated quickly.
0 reply
0 recast
3 reactions

Brian Kim
@brianjckim
have you seen efani.com? i’ve had a good experience
0 reply
0 recast
0 reaction

Gabriel Ayuso ⌁ brewing
@gabrielayuso.eth
I might be biased but Google Fi is most likely the most secure carrier to hold your mobile number since it's backed by Google account security.
2 replies
0 recast
5 reactions

typeof.eth 🔵
@typeof.eth
I don’t love Google Fi (mainly cause coverage isn’t as good), but two things that keep me here are free roaming and 2FA. Makes sim swapping much more difficult.
1 reply
0 recast
5 reactions

Syed Shah🏴‍☠️🌊Farcon
@syed
The best part of the hack was it took a lot of power away from you in terms of how much people listen to what you say without thinking. There will be a layer of critical thinking that's been strengthened. So a + for the community.
1 reply
0 recast
5 reactions

chrisb (boscolo.eth)
@boscolo.eth
I'm sorry to hear about your experience, @vitalik.eth! I was sim swapped in 2019, so I understand the frustration. The experience motivated me to launch @3num. Our goal is to upgrade traditional SMS and voice protocols to more secure, crypto-native alternatives. 📱🔒
0 reply
2 recasts
3 reactions

adrienne
@adrienne
Do you guys think mobile companies keep a list of high profile, likely targets for sim swaps? I would hope so but this makes me think they most certainly don’t, at least not T-Mobile 😒
2 replies
0 recast
3 reactions

Dan Finlay 🦊
@danfinlay
Had you given T-Mobile any special recovery instructions? I understand they will accept them (like a special password to provide to reset). Am curious if the social engineering bypassed any special notes.
0 reply
0 recast
3 reactions

nixo
@nixo
have seen a lot of these sim swaps but no post mortems on best practices to quickly recover your accounts - would really love to see something like this. i have no idea who you'd even reach out to in this situation
1 reply
0 recast
2 reactions

Trish🫧✈️🎩
@trish
I had my sim “protected” by T-Mobile. They lost my PIN but it was too easy for me to get access to my account, so I left. I’m so sorry that happened to you.
1 reply
0 recast
1 reaction

Zuphioh 🎩🔵
@zebra
Sim swaps are becoming a very frequent issue in this space, crazy how many people are getting impacted by it lately
1 reply
0 recast
1 reaction

Thomas
@aviationdoctor.eth
Looks like everyone dropped the ball here. X shouldn’t enable phone recovery by default, it’s an obsolete practice. T-Mobile should use PINs to thwart social engineers (we’ve known about SIM swaps for years) + special procedures for public figures who are obvious targets (flag set=call escalation, added verif).
1 reply
0 recast
1 reaction

8INK5 ⚡🎩❤️
@mime-jr.eth
YubiKeys are what you need 👍 Yes they can be used on X
0 reply
0 recast
1 reaction

S·G 🎩 🥚
@esdotge.eth
It is frustrating these types of hacks where people unfairly lose their digital assets. Until this is fixed we will not be offering a valid technology for the next internet. People want security, protection and guarantees of their property...
1 reply
0 recast
1 reaction

web3dΞv.eth | sonsOfCrypto.com
@web3d3v
Every time I come across a dapp requiring a phone number I die inside a little. Looking at you, friend.tech, Argent!
1 reply
0 recast
1 reaction

Petr 🟢 dTelecom
@richmal.eth
@vitalik.eth Unfortunately, this is often the problem with all analog operators, where they assign a static number that is tied to personal data, and operators do not fight this problem. I use Web3 Phone Service dcalls.org
0 reply
0 recast
1 reaction

Jon "JonnyRingo" Williams⚰️
@jonnyringo.eth
Really glad to hear there wasn't any other collateral damage!
0 reply
0 recast
0 reaction