Google Fi hack victim had Coinbase, 2FA app hijacked by hackers
On January 1, a technologist who goes by the nickname regexer received an email saying he had successfully reset his account at the crypto exchange Coinbase.
Unfortunately — and worryingly — he had actually not requested a password reset. Regexer, who asked to be referred to by his online moniker for fear of being targeted by hackers again, quickly realized he was being hacked, and his attempts to log into his Coinbase account to regain control were unsuccessful.
Soon after, he noticed he had no cell phone service. Then, his two-factor app, Authy, notified him that a new device was added to his account. After taking control of regexer’s cell phone service, the hackers were able to reset the passwords on his accounts and intercept two-factor SMS messages. That allowed them to take control of Authy, giving them the ability to use the 2FA codes created by the app, according to regexer.
This gave them a chance to break into even more accounts owned by regexer.
Unsure what to do, regexer started changing passwords on his other important accounts that had apparently not been compromised yet. Then, on a whim, he turned airplane mode on and off on his iPhone. Somehow, after that, his cellphone service was restored.
Regexer isn’t sure if turning airplane mode on and off is what stopped the attack, but he is glad that happened.
For weeks, regexer had no idea how he had been hacked. Then, on Monday, he received an email from his cell phone provider, Google Fi, informing him and all other customers that hackers had stolen some customers’ information, likely connected to the recent breach at T-Mobile.
Unlike the emails sent to other customers, the one regexer received contained more detailed information about the hack he suffered weeks prior.
Regexer said he has talked to two Google Fi customer representatives trying to figure out more details about what happened, but neither of them told him anything. And, interestingly, regexer didn’t see any evidence that his Google account, which is tied to the Google Fi account, was compromised. It’s unclear how the hackers were able to perform the SIM swap.
Google has not responded to a request for comment. And it’s not yet known if there were other people, or how many, specifically targeted by hackers the way regexer was.
While the attack was ongoing, regexer found out the hackers had also taken over his Outlook email account, and — smartly — in an effort to hide their actions, deleted the emails informing him of the password reset.
Even though nothing else has happened since January 1, regexer is still worried and is calling on Google to disclose more information.
‘The main thing I’d like to know is whether I and others are still vulnerable, and if there’s anything we can do to protect ourselves. I’d love to know more details about the mechanisms that were used for the phone number takeover because that will shed light on the level of ongoing vulnerability and methods for defense, as well as whether SMS two-factor remains better than no two-factor at all. (I can replace SMS for some online accounts, but not all. Many banks and others only allow two-factor via SMS.) I’d also love to know how many people had their phone numbers hijacked in connection with the breach, and, if it was a small subset, was there any reason that we in particular were targeted,’ regexer said.
‘So unless Google sheds more light on the attack there is a big open question about how vulnerable people’s phone numbers now are.’
Ref: techcrunch