How I Lost My $50,000 Twitter Username posted January 2014

So this guy owned @N on twitter and got extorted his account by a phishing attack. The story is well written and you should read it here : https://medium.com/p/24eb09e026dd

but for a tl;dr the attacker called his paypal account to ask them for his credit card's last 4 digits. Then he called godaddy to ask them to reset the password. They only asked him for the 2 first digits and the last 4s. The attacker just had to guess the 2 first digits (and he did it on the first try, he could have kept calling and trying otherwise).

Now that he had @N's domain's name, he could now see his emails. Took over @N's facebook account and started mailing him "threats".

It's pretty crazy how easy phishing is.

Well done! You've reached the end of my post. Now you can leave a comment or read something else.

Here are some random popular articles:

- Database Encryption
- Zero'ing memory, compiler optimizations and memset_s
- The Strobe Protocol Framework
- Proof of Elgamal's semantic security using a reduction to DDH
- Key Compromise Impersonation attacks (KCI)
- Tamarin Prover Introduction
- Attacks on Ethereum Smart Contracts

Here are some random recent articles:

- Verifying zero-knowledge proofs on Bitcoin?
- From plookup to mvlookup (logup)
- Simple introduction to monads in OCaml
- Permutation-Based Crypto 2023
- The zero-knowledge attack of the year might just have happened, or how Nova got broken
- First zksecurity public report is out!
- I talked about ZK security on the first episode of Node Guardians season 2!

How I Lost My $50,000 Twitter Username posted January 2014

Comments

leave a comment...

How I Lost My $50,000 Twitter Username posted January 2014

Comments

leave a comment...

Subscribe to the mailing list