davidscoville | 5 months ago

I think the attacker had my password, and they just needed a recovery method, which was the code I read over the phone.

I have no idea how they had my password, I never share passwords or use the same password. But I hadn’t changed my Google password in a while.

cpncrunch|5 months ago

No, if they had had the password they wouldn't have needed to do all of that. They could have just logged in, perhaps just needed the 2FA code. However, you say that you gave them both enhanced security codes (I'm guessing this was a Gmail backup key), and you also gave them the 2FA SMS code. These are the only two things you need to take over any Gmail account, and it doesn't require knowing the password. It's just purely social engineering.

The only question mark is the email from Google. It sounds like it was a scam email, so it would be interesting to know whether/how it was spoofed.

ratorx|5 months ago

Gotcha, thanks for clarifying!

And did you have passwords using Chrome password manager as well (which were also compromised by the Google account access, and this is how they got access to e.g. Coinbase?), or did they get passwords through some other means and just needed 2FA?

davidscoville|5 months ago

I did have saved passwords in Chrome password manager but they were old. My guess is that the attacker used Google SSO on Coinbase (e.g., "sign in with Google"), which I have used in the past. And then they opened up Google's Authenticator app, signed in as me, and got the auth code for Coinbase.

By enabling cloud-sync, Google has created a massive security vulnerability for the entire industry. A developer can't be certain that auth codes are a true 2nd factor, if the account email is @gmail.com for a given user because that user might be using Google's Authenticator app.

lokar|5 months ago

Did you reuse that password on another site?

I don’t see how this happens if you use strong passwords without reuse.

nixosbestos|5 months ago

500+ comments in this thread and there's still no information as to what the hell actually happened.

I sleep fine at night; this is a hallmark of these "omg I got owned and it could happen to you!" posts that never quite add up.