Saw a video of a youtuber that got his account overtaken (I’ll post a link to it in a bit) which has 2fa enabled (not sure which method). He says he didn’t get phished, downloaded anything and his session cookies weren’t stolen and I believe him. The only clue is that he received a sms otp from google but was invalid when he inputted it which let’s me to believe he relied on SMS for 2fa in the first place. My theory is he reused passwords and his number was overtaken but I’m not sure if that’s the case since he did receive the google otp so that leaves out the common phone rep social engineering methods of porting out and fowarding. What else could it be? My paranoia is kinda acting up

Tldr: A YouTuber’s account was hacked despite having 2FA. While unsure of the exact method, potential factors include relying on SMS OTP and the possibility of password reuse.

  • Extras@lemmy.todayOP
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    He did talk about session cookies/tokens in the video which is a possibility but I’m under the impression that this is not what happened since he was already aware of that possibility and didn’t do anything to facilitate that.