If Jack Dorsey got hacked I want to know how just in case a similar attack vector would affect Mastodon users

Wowaweewa. So the attack didn't even involve 2FA because they just spoofed the source phone number and sent the tweets via SMS, a process that does not involve 2FA or any other authentication.

@Gargron how do i know this is Eugen and not a hacker?

@Gargron twitter still relies mostly on cell phone/text based 2FA so that's probably where they fucked up

@Gargron Huh. See, my money would have been on it being related to the iPhone zero-day stuff.

@Gargron I always wanted to know if you could spoof SMS, now I know.

@Gargron oh yeah!

I'd forgotten that Twitter was originally an SMS-based service.

I wonder if they still have users that tweet that way because they don't have a smart phone.

@Gargron ISDN hacking is how the Daily Mail and other newspapers got ahold of voicemails of a bunch of celebrities and politicians, IIRC.