If Jack Dorsey got hacked, I want to know how, just in case a similar attack vector would affect Mastodon users
Wowaweewa. So the attack didn't even involve 2FA because they just spoofed the source phone number and sent the tweets via SMS, a process that does not involve 2FA or any other authentication.
@Gargron how do I know this is Eugen and not a hacker?
@Gargron They're saying Cloudhopper and a cloned phone number, or something? https://variety.com/2019/digital/news/hackers-take-over-account-of-twitter-ceo-tweet-racial-slurs-bomb-threat-1203319747/
@Gargron Twitter still relies mostly on cell phone/text based 2FA so that's probably where they fucked up
@Gargron Huh. See, my money would have been on it being related to the iPhone zero-day stuff.
@Gargron I always wanted to know if you could spoof SMS, now I know.
@Gargron oh yeah!
I'd forgotten that Twitter was originally an SMS-based service.
I wonder if they still have users that tweet that way because they don't have a smart phone.