Possible Security Breach info

Discussion in 'Technical' started by TinyDreams, Jun 29, 2019.

  1. TinyDreams

    TinyDreams Monkey++

    So hackers have found a way around two factor authentication. If you have T-Mobile or AT&T please make sure you enable the secondary security pin and any other security measures you can on your account.

    How a trivial cell phone hack is ruining lives

    The article title is misleading they aren't hacking your cell phone, they are calling the cellphone companies I mentioned and giving them the info needed to transfer your phone number and plan to a different phone. Once they have your phone number they can gain access to any two factor account you have.

    Here's how I survived a SIM swap attack after T-Mobile failed me - twice | ZDNet
    UncleMorgan and Ganado like this.
  2. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    Oh....this is extremely serious. I read all the articles associated with it. I am going to see what security I can set to stop this - right now! Thanks!
    sec_monkey and UncleMorgan like this.
  3. UncleMorgan

    UncleMorgan I like peeling bananas and (occasionally) people.

    The security protocol I use is to do no online banking or financial transactions of any kind on the web.

    The exception being some online shopping--Ebay and the like.

    If my bank account isn't accessible on the web, I can't be robbed on the web.

    I try to pay in cash, whenever possible. Or I pay by physical check, even if the bank doesn't like processing paper.

    Banks. BTW, are easy to replace. Hacked bank accounts are not.

    Never use a debit card. Debit cards start with the letter "D" because that's the first letter in the word "Doofus". Anyone that uses a debit card is a card-carrying doofus.

    If somebody steals/hacks a debit card, it's "Sorry, Charlie!" There won't be any getting that money back.

    Instead of sleeping at a Holiday Inn (one time) ditch the ATM card, too. You'll sleep a lot better without it.

    No one needs an ATM. You can always just walk into the bank.

    And if the bank is closed you can always pull your "Emergency Cash Withdrawal--$200.00, baby, with no card required--right out of the little pocket you had sewed on the holster of your Sig.

    I am continuously astonished and appalled at the idiocy of the Facebookies and Twitteratti that routinely post the most revealing and dangerous personal information for the edification of total strangers.

    "Hello, world! Me any my kid sister are always home alone on Friday nights because Mom has to work til Midnight. When we get home from school, we have to use the key under the Welcome mat."

    Hello, world! This is me playing with my Chihuahua, Rexxie! He's my Protector! Isn't he cutsie-wootsie?" (Kiss-kiss)

    "Hello, world. I'm really bummed out. I wanted a .22 so I could go hunting when I visit my Dad, but Mom won't allow any guns in the house. It's not like we can't afford one. She makes good money. She's just being mean."

    And of course:

    "Hi, I just turned thirteen and got my very first bikini today! Isn't it rad!"


    Oh, and did I mention? I don't own a cell phone.
  4. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    So, I went through my mobile phone accounts and changed passwords and pins to something stronger; however, I noticed that their password creation isn't as strong as normal, like email accounts, so that is concerning... I changed those accounts to link to my secondary email address, not my main one.

    I also ensured that my email accounts do not use my mobile phone (text or call) as security verification.

    Finally, I made stronger passwords on my email accounts.

    Some of the things I do to increase my security off the top of my head:
    1. I do not put anything on the cloud - nothing.

    2. I use a specific/separate/individual password for each and every account I own and keep a list of them on an encrypted USB flash drive in the safe. It must be unlocked by a physical punched in code. I keep a back up of that drive also. Yeah, it's a bit of a hassle but worth it.

    3. No Social Media accounts - none.
    TinyDreams and UncleMorgan like this.
  5. UncleMorgan

    UncleMorgan I like peeling bananas and (occasionally) people.

  6. TinyDreams

    TinyDreams Monkey++

    Glad to know everyone has their data safely tucked away or not accessible. I wasn't worried so much about this site but I thought I should let you guys know. No security is completely 100% foolproof.

    The person that was hacked did post a lot of political stuff and was a writer for two newspapers so it might've just been a targeted attack. I think there was someone else that was hacked in the first article but I didn't do any research on them.
  7. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    @TinyDreams Nevertheless, thank you for making us aware of the possibility! Please feel free to do so in the future also. If nothing else, this got me off my backside to make some changes that needed doing. I intend to do more tomorrow too! Thanks!
    Ganado, TinyDreams and Gator 45/70 like this.
  8. mysterymet

    mysterymet Monkey+++

    Holy crap great post! Thanks for the warning. I will try and deal with this vulnerability asap!
  9. Oddcaliber

    Oddcaliber Monkey+++

    Whenever I purchased on Ebay l used a prepaid debit card incase anyone got that information. If they tried to use it there's no money on it until I put it on.
    Bandit99 likes this.
  1. Ganado
  2. BenP
  3. melbo
  4. melbo
  5. melbo
  6. sec_monkey
  7. CATO
  8. melbo
survivalmonkey SSL seal        survivalmonkey.com warrant canary