
Disable SMS 2FA and change your password scheme IMMEDIATELY. Mass simswap attack incoming.


by COINS NEWS 192 Views

1.5 billion Facebook users' data containing names, email addresses, phone numbers, locations, gender, and user ID are reported to have just been leaked. Link

If you use SMS authentication on your email or exchange, or are in the habit of reusing the same or similar password, you are at risk of losing any crypto that you have on an exchange wallet.

How this data was used after the ledger leak in the simswap attack

  • Attacker calls your phone company pretending to be you and scams them into diverting your calls and messages to a new sim card because "I lost my phone"

  • Attacker uses "forgot password" on your email provider and uses the OTP code they receive on your phone number via SMS and then proceeds to change your email password

  • Attacker goes through your inbox and then uses "forgot password" on your exchanges, using a combination of SMS and email OTP codes to take control of your exchange account. Non-SMS 2FA can be reset.

  • Attacker dumps all of your shitcoins before draining your funds into their wallet.

Why you need to also change your password scheme

If your data (including password) has ever been leaked on a different website hack, they will cross compile possible password variations from both sets of data (name, email address, user id help here) and attempt to login to your email address or exchange. Use haveibeenpwned.com to check if your data has ever been leaked (note: it is a database of known leaks).

Best practice for security

  • Use TOTP authentication (e.g. Google Authenticator) instead of SMS authentication wherever possible (Note: write down the private key during setup to avoid future headaches). andOTP is a FOSS (Free & Open Source Software) alternative that makes taking encrypted backups of all your TOTP keys easy.
  • Use unique passwords. A password manager can make this a lot easier and can also generate and store more secure passwords. LastPass (proprietary), KeePass (FOSS), KeePass Tusk Firefox Plugin
  • Create a unique, crypto-only email address for your crypto needs
  • If you are not trading on the exchange, consider moving your crypto to a hardware wallet as they cannot be compromised without physical access to the hardware. Ledger Wallet (Note: always buy straight from ledger to avoid scams (pre printed seed phrases are scams!) and also because the ledger leak originated from a third party seller)

The last time was a complete shitshow of heartbreak and anger especially on the ledger support subreddit. Stay safe people!

EDIT: added some links

submitted by /u/PopeSAPeterFile
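
The TOTP recommendation in the post, shown as an added example that is not part of the original post: the code is derived only from the setup key and the clock (RFC 6238), so nothing is sent to the phone number and the written-down key is enough to restore it on a new device. The function names are illustrative, and the sample key is the published RFC 6238 test secret, not a real account key.

```python
import base64
import hashlib
import hmac
import struct


def decode_secret(written_down: str) -> bytes:
    """Decode the base32 setup key as copied from the enrolment screen."""
    cleaned = written_down.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that apps usually omit
    return base64.b32decode(cleaned)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP using HMAC-SHA1, the common authenticator-app default."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the current step and `window` steps either side."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + drift * step, step), submitted)
        for drift in range(-window, window + 1)
    )


# Constructed sample: RFC 6238 test secret ("12345678901234567890"),
# base32-encoded and grouped the way setup screens usually display it.
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    key = decode_secret(SAMPLE_KEY)
    now = 59  # fixed timestamp from the RFC test vectors, for a repeatable run
    code = totp(key, now)
    print("code at t=59:", code)
    print("accepted by server:", verify(key, code, now))
    print("stale code rejected:", not verify(key, code, now + 120))
```
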