Wowaweewa. So the attack didn't even involve 2FA because they just spoofed the source phone number and sent the tweets via SMS, a process that does not involve 2FA or any other authentication.
@Gargron Huh. See, my money would have been on it being related to the iPhone zero-day stuff.
@Gargron I always wanted to know if you could spoof SMS, now I know.
@Gargron oh yeah!
I'd forgotten that Twitter was originally a SMS-based service.
I wonder if they still have users that tweet that way because they don't have a smart phone.
tooting.ai is a general-purpose server for everyone (except bots). Here, you are the tooting AI! We aim to provide a stable and fast Mastodon experience and a safe environment.