How Hackers Reportedly Side-Stepped Google’s Two-Factor Authentication
*** begin quote ***
Writing on Ello, Blakeman describes how hackers gained access to his Instagram account through his Gmail. Even though he had two-factor turned on, the hackers were able to reset his Instagram password through Gmail and take control of his account (which has since been restored). So how did they do it? Blakeman says that Wired’s Mat Honan, himself a veteran of an epic hack, helped him by suggesting he check with his cellphone provider.
It turns out his number had been forwarded to a different number—which is how the hackers gained access:
“The attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.”
*** end quote ***
I suspect it’s those STUPID secondary identification authenticators!
Once again, if your mother’s maiden name isn’t “R2D2GMAIL” at Google and “R2D2AMAZON” at Amazon, then you are asking to be hacked.
Sorry, but, I use LASTPASS and just keep the secondaries in the notes.
AND, I never reuse a password anywhere!
# – # – # – # – #