Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).
48 replies
186 recasts
590 reactions
Vitalik Buterin pfp
Vitalik Buterin
@vitalik.eth
Main learning re twitter was: > A phone number is sufficient to password reset a Twitter account even if not used as 2FA. Can completely remove phone from Twitter. I had seen the "phone numbers are insecure, don't authenticate with them" advice before, but did not realize this
10 replies
11 recasts
95 reactions
Garrett pfp
Garrett
@garrett
Why aren’t you using an authenticator app or security key?
1 reply
0 recast
2 reactions
phil pfp
phil
@phil
Sorry that happened to you. Glad that the damage was mitigated quickly.
0 reply
0 recast
3 reactions
Brian Kim pfp
Brian Kim
@brianjckim
have you seen efani.com? i’ve had a good experience
0 reply
0 recast
0 reaction
boscolo.eth pfp
boscolo.eth
@boscolo.eth
I'm sorry to hear about your experience, @vitalik.eth! I was sim swapped in 2019, so I understand the frustration. The experience motivated me to launch @3num. Our goal is to upgrade traditional SMS and voice protocols to more secure, crypto-native alternatives. 📱🔒
0 reply
2 recasts
3 reactions
typeof.eth 🔵 pfp
typeof.eth 🔵
@typeof.eth
I don’t love Google Fi (mainly cause coverage isn’t as good), but two things that keep me here are free roaming and 2fa. Makes sim swapping much more difficult.
0 reply
1 recast
4 reactions
Dan Finlay 🦊 pfp
Dan Finlay 🦊
@danfinlay
Had you given T Mobile any special recovery instructions? I understand they will accept them (like a special password to provide to reset). Am curious if the social engineering bypassed any special notes.
1 reply
0 recast
3 reactions
Gabriel Ayuso pfp
Gabriel Ayuso
@gabrielayuso.eth
I might be biased but Google Fi is most likely the most secure carrier to hold your mobile number since it's backed by Google account security.
2 replies
0 recast
3 reactions
adrienne pfp
adrienne
@adrienne
Do you guys think mobile companies keep a list of high profile, likely targets for sim swaps? I would hope so but this makes me think they most certainly don’t, at least not T mobile 😒
2 replies
0 recast
3 reactions
Syed Shah🏴‍☠️🌊 pfp
Syed Shah🏴‍☠️🌊
@syed
The best part of the hack was it took a lot of power away from you in terms of how much people listen to what you say without thinking. There will be a layer of critical thinking that's been strengthened. So a + for the community.
1 reply
0 recast
3 reactions
Petr pfp
Petr
@richmal
@vitalik.eth Unfortunately, this is often the problem of all analog operators, where it assigns a static number and is tied to personal data and operators do not fight this problem. I use Web3 Phone Service dcalls.org
0 reply
0 recast
1 reaction
nixo pfp
nixo
@nixo
have seen a lot of this sim swaps but no post mortems on best practices to quickly recover your accounts - would really love to see something like this. i have no idea who you'd even reach out to in this situation
1 reply
0 recast
1 reaction
Vinay Vasanji pfp
Vinay Vasanji
@vinayvasanji.eth
Given your profile, it's probably wise to switch from T-Mobile to a carrier like Efani https://www.efani.com/
0 reply
0 recast
0 reaction
web3dΞv.eth | sonsOfCrypto.com pfp
web3dΞv.eth | sonsOfCrypto.com
@web3d3v
Every time I come across dapp requiring phone number I die inside a little Looking at you friend.tech, Argent !
1 reply
0 recast
0 reaction
Thomas pfp
Thomas
@aviationdoctor.eth
Looks like everyone dropped the ball here. X shouldn’t enable phone recovery by default, it’s an obsolete practice. T-Mobile should use PINs to thwart social engineers (we’ve known about SIM swaps for years) + special procedures for public figures who are obvious targets (flag set=call escalation, added verif).
2 replies
0 recast
0 reaction
lawl pfp
lawl
@lawl
0 reply
0 recast
0 reaction
manansh ❄️ pfp
manansh ❄️
@manansh
Scary…
0 reply
0 recast
0 reaction
Joel🏴(🦇,🔊,🦖) pfp
Joel🏴(🦇,🔊,🦖)
@joelzhou
It's horrible experience, try to transfer your number to other more secure provider, if there's one.
0 reply
0 recast
1 reaction
Fauziiacong pfp
Fauziiacong
@fauziiacong
Your X account yesterday, is it true that it was hacked?
0 reply
0 recast
1 reaction