Reply All: #130 The Snapchat Thief
November 10, 2018 9:02 AM
This week, a new Super Tech Support: after Lizzie's Snapchat gets hacked, things start getting really creepy. Alex investigates.
Yes! Something like the YubiKey had been in the back of my mind and this episode brought it to the forefront!
posted by ellieBOA at 12:22 PM on November 10, 2018
I will have to listen to this one. I lost my Instagram account, which had 2FA, when someone transferred my number briefly to their phone.
posted by Molly Razor at 3:40 PM on November 10, 2018
I feel like it shouldn't be my problem that it's so easy to steal someone's phone number long enough to take advantage of 2FA. This is a security hole that needs to be filled, even if it means you don't necessarily get to keep your old phone number anymore.
posted by Mr.Encyclopedia at 7:00 PM on November 10, 2018 [1 favorite]
I have been putting off getting a proper password manager for the longest time now. This podcast put it at the top of my to-do list and I think I might as well invest in a YubiKey at the same time.
posted by Megustalations at 5:03 AM on November 11, 2018 [1 favorite]
2FA isn't necessarily bad, you just have to avoid using SMS for it at all costs and instead go with an app-based approach. Try out an app like Authy, which helps you track all your 2FA key generators in the app, so it's decoupled from your phone. I've had 2FA on my Instagram account since it debuted and was surprised to find I had to turn off SMS and turn on app-only 2FA.
This episode was extraordinary, the same thing happened to a friend of mine with a nice OG short single word name and it took 3-4 days for Instagram to restore his account fully. I loved that this story had so many twists and turns and when they got the two kids to break and give up and apologize, I lost it at the end and cried tears of joy.
It reminded me of a good Heavyweight episode.
Also, I really want to get a new number and port my old one to Google Voice, which I've been meaning to do for years.
posted by mathowie at 6:11 PM on November 11, 2018 [1 favorite]
I've used a YubiKey for the past year or so, and it's a nice-to-have but I only use it on a couple services and mainly to protect my password manager that has almost a decade of data in it. Getting a password manager is the best thing you can do to secure your life now.
posted by mathowie at 6:13 PM on November 11, 2018 [3 favorites]
Hey, this got me to turn on 2FA for some accounts I'd been putting off. Authy, folks, it's a good thing. And if you're not using a password manager, for the love of FSM please start. I think 1Password is the best choice.
This episode was intense and seems to have upset all my friends who've listened to it. Good! Directed attacks against an individual by a motivated hacker really work. Only that turned out not to be the story here, this was just a weak password in a dictionary on a high-value account name. I wonder if this episode would have worked better as two episodes. One, Lizzie's story, about dumb teenagers who steal accounts and resell them. And a second one about the much more intense sort of hackery that comes when someone becomes a target.
I assume oghandles.com was the marketplace they were talking about? It's offline now, but has plenty of footprint still in search engines and archives. Think they permanently relocated?
posted by Nelson at 1:50 PM on November 14, 2018
This painted a very vivid picture of Maxime and his crew as total assholes. Soundcloud rap, indeed.
I felt a weird moment of cognitive dissonance at the end: wait, what, Lizzie has a CoinBase account?
posted by We had a deal, Kyle at 3:34 PM on November 14, 2018
I felt a weird moment of cognitive dissonance at the end: wait, what, Lizzie has a CoinBase account?
I need to come out and make a confession here on Metafilter.
I, too, have a CoinBase account.
And a Binance account.
*hopes no one ever sees this comment*
posted by nightrecordings at 6:11 AM on November 17, 2018 [1 favorite]
That there are people in the world who use one of the 1000 most common passwords on an important account and also have a bitcoin address is sobering. Passwords really don't work any more.
posted by eotvos at 10:55 AM on November 18, 2018
And yet, everyone uses passwords everywhere all the time. It is terrible.
posted by Nelson at 11:04 AM on November 18, 2018
I didn't think it was possible to feel like 2FA isn't secure but yeah. It totally isn't. Time to invest in a YubiKey.
posted by nightrecordings at 9:04 AM on November 10, 2018 [2 favorites]