I know, just don't get it. I would think twatter would implement a minimum of 3 reps to make a change to most accounts and restrict high profile account changes to managerial review, possibly even by Dorsey for names as big as got hacked. A friend who used GoDaddy as her website provider lost her password, her cc that was associated with her account was no more and she did not remember the cc number, and could not answer *any* question correctly about the account. I expected they would tell her sorry, we ca
Backdoor (Score:0)
Re: (Score:5, Funny)
Didn't quite make it through the summary, did you.
Re:Backdoor (Score:3)
the summary doesn't provide much to be honest.
I find it far more likely they were just paying some customer service dude for access to change the emails for the accounts than that anything was hacked straight up.
look, it's the same idea as a sim-cloning so the same dudes might be involved, only you don't need to con the customer service rep, you just pay straight up money to the dude.
the real shitstorm part for twitter is that they had no separate system that would disallow anyone from changing email addresses or phone numbers for a lot of high profile accounts.
why would any company or country use twitter for releasing any official information when the company is such a shitstorm? Twitter probably did not have any safeties on customer reps looking up data from basically any account, so some rep started selling the private email addresses - possibly with the exception of Trump's account.
then the group figured out that the mole was legit and offered him a bigger lump sum to _change_ the addresses (or install a backdoor on his system to facilitate it), something for which the rep would probably be caught. that's how getting the email address for an account was just 250, no risk there. changing them, that's a different thing.
fact is that if it's possible to take over an account through a sim swap through calling a customer rep from that number then it's also possible to just straight up pay money to said minimum wage reps to do whatever on whatever account. it's really crazy to operate in that way.
Re: (Score:2)