If Jack Dorsey got hacked I want to know how just in case a similar attack vector would affect Mastodon users


Wowaweewa. So the attack didn't even involve 2FA because they just spoofed the source phone number and sent the tweets via SMS, a process that does not involve 2FA or any other authentication.


@Gargron Huh. See, my money would have been on it being related to the iPhone zero-day stuff.

@Gargron I always wanted to know if you could spoof SMS, now I know.

@Gargron oh yeah!

I'd forgotten that Twitter was originally a SMS-based service.

I wonder if they still have users that tweet that way because they don't have a smart phone.

@Gargron ISDN hacking is how the Daily Mail and other newspapers got ahold of voicemails of a bunch of celebrities and politicians, IIRC.
Sign in to participate in the conversation

tooting.ai is a general-purpose server for everyone (except bots). Here, you are the tooting AI! We aim to provide a stable and fast Mastodon experience and a safe environment.