undefined | Better HN

0 pointsnodesocket7y ago0 comments

This seems to indicate a level of sophistication behind traditional hacking skills. How did they get the phone number to know which carrier to contact to socially engineer?

Also, I am not sure I understand:

> we suspect weaknesses inherent to SMS-based 2FA to be the root cause of this incident

It seems that optaining employee login credentials was the root cause, and bypassing 2FA was the second hurdle but not the root cause.

0 comments

1 comments · 1 top-level

freeone30007y ago

You don't need to know the carrier, just the number. Talk to a carrier in the country and ask to port "your" number to a new plan. Most salespeople would have no problem ignoring security for a sale.

j / k navigate · click thread line to collapse