47
submitted 9 months ago* (last edited 9 months ago) by Extrasvhx9he@lemmy.today to c/asklemmy@lemmy.ml

Saw a video of a youtuber that got his account overtaken which has 2fa enabled (not sure which method but I'm thinking sms). He says he didn't get phished, downloaded anything and his session cookies weren't stolen and I believe him. The only clue is that he received a sms otp from google but was invalid when he inputted it which let's me to believe he relied on SMS for 2fa in the first place. My theory is he reused passwords and his number was overtaken but I'm not sure if that's the case since he did receive the google otp so that leaves out the common phone rep social engineering methods of porting out and fowarding. What else could it be? My paranoia is kinda acting up

Tldr: A YouTuber's account was hacked despite having 2FA. While unsure of the exact method, potential factors include relying on SMS OTP and the possibility of password reuse. No session cookies were stolen, nothing downloaded and no links clicked

Edit for timestamp: its kinda difficult since he jumps around a lot but he begins to talk about it around the 2min 30sec mark and stops at around the 6min mark

you are viewing a single comment's thread
view the rest of the comments
[-] rufus@discuss.tchncs.de 11 points 9 months ago* (last edited 9 months ago)

Difficult to tell what happened without knowing the full context.

It has happened that scammers call support, say they're XYZ and lost their 2fa device. 2fa gets disabled and they can overtake the account in some old fashioned way.

Also there is SIM splitting and other techniques. Also the youtuber could be wrong. These attacks are very subtle until it's too late.

Give us a link (with timestamp if it's long), maybe someone can find out more. [Edit: Thx for the link.]

[-] Extrasvhx9he@lemmy.today 3 points 9 months ago* (last edited 9 months ago)

Damn I assumed google customer reps couldn't do that without verifying. How do you even protect from that? Besides not using one account for everything

Edit: I assumed porting out scam too but what confuses me about it was that his carrier line was still actively recieveing SMS and my understanding is that after a port out, the old sim becomes invalid/not working.

[-] rufus@discuss.tchncs.de 4 points 9 months ago* (last edited 9 months ago)

Sure, customer reps shouldn't help with account recovery unless they get proper verification. I'm sure many companies have learned from past mistakes. I think that's the only way to solve it. I'm not sure though if this is what has happened here... These crypto people seem to have hacked many accounts last year.

Maybe related video from Linus Tech Tips incident last march: https://piped.video/watch?v=yGXaAWbzl5A

Adam Koralik talks a bit fast and some details aren't clear to me. For example if he got recovery mails and sms from his own actions or if this was the scammer. Also I'm not sure how 2fa works with YouTube. I certainly hope changing the account password makes it ask for the second factor or it's next to useless. If this is the case he must have gotten phished or there is another unknown security issue in the process. Or his password didn't get changed in the first place. But that also can't be it since he clearly tells he got the notification mails for a password change and changed recovery methods.

[-] rufus@discuss.tchncs.de 1 points 9 months ago* (last edited 9 months ago)

Concerning your edit: I've read that, too. That your connection drops, once a new SIM card gets activated. That might take a while, though, or not happen with some carriers or under certain circumstances. As far as i know a cell network is a crazy mix of technology. And from his description it's not even clear to me when he talks about SMS and when he talks about notification emails or push notifications.

And in other youtubers' videos I've heard they usually seperate their accounts so that it's not the same account for private stuff on their phone and the important youtube stuff all mixed in the same account.

this post was submitted on 17 Jan 2024
47 points (100.0% liked)

Asklemmy

43791 readers
692 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS