"How I Lost My $50,000 Twitter Username"

The important bit here isn't Twitter or how much the username was worth, but how the attack was carried out

@Gargron > Use an for logins.

this is actually a horrible tip

@espectalll But setting a high TTL on MX records sounds like a good idea

@Gargron you should absolutely do that if you can, although that still means trusting your registrar - oh well, that's the nature of the Internet :blobuwu:
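A defender-side check for the MX/TTL point raised above, added here as an example (it is not code from the thread or from the article being discussed). It compares a domain's MX answer against a known-good baseline and flags exchanges that appear or disappear, plus TTLs short enough that a hijacked record would propagate quickly. The `resolve` callable, the fake resolver and every hostname are constructed assumptions so the check runs offline; in practice you would pass a wrapper around a real resolver such as dnspython's `dns.resolver.resolve(domain, "MX")`.

```python
"""Baseline monitor for a domain's MX records.

A registrar or DNS hijack of the mail domain shows up as a changed MX set.
This check flags deviations from an expected baseline and low TTLs.
Added example; the resolver and sample data below are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class MXRecord:
    preference: int
    exchange: str   # mail server hostname as returned by the resolver
    ttl: int        # remaining time-to-live in seconds


def normalise(name: str) -> str:
    """Lowercase and strip the trailing dot so names compare reliably."""
    return name.lower().rstrip(".")


def check_mx(domain: str,
             expected_exchanges: Iterable[str],
             resolve: Callable[[str], List[MXRecord]],
             min_ttl: int = 3600) -> List[str]:
    """Return a list of findings; an empty list means the MX set matches the baseline.

    `resolve(domain)` is assumed to return the MX records for `domain`.
    """
    records = resolve(domain)
    seen = {normalise(r.exchange) for r in records}
    expected = {normalise(e) for e in expected_exchanges}
    findings: List[str] = []

    # An exchange not in the baseline is the strongest hijack indicator.
    for extra in sorted(seen - expected):
        findings.append(f"unexpected MX exchange {extra} for {domain}")
    # A missing baseline exchange can mean mail is being redirected away.
    for missing in sorted(expected - seen):
        findings.append(f"expected MX exchange {missing} missing for {domain}")
    # A short TTL lets a changed record take effect across resolvers quickly.
    for r in records:
        if r.ttl < min_ttl:
            findings.append(
                f"MX {normalise(r.exchange)} TTL {r.ttl}s is below {min_ttl}s")
    return findings


# Constructed sample answers standing in for real DNS responses.
SAMPLE_ANSWERS = {
    "example.com": [
        MXRecord(10, "mx1.example.com.", 86400),
        MXRecord(20, "mx2.example.com.", 86400),
    ],
    # Constructed picture of a changed MX set: unknown exchange, short TTL.
    "changed.example": [
        MXRecord(10, "mail.unexpected.example.", 300),
    ],
}


def fake_resolve(domain: str) -> List[MXRecord]:
    """Offline stand-in for a real MX lookup (assumption for this example)."""
    return SAMPLE_ANSWERS.get(domain, [])


if __name__ == "__main__":
    baselines = {
        "example.com": ["mx1.example.com", "mx2.example.com"],
        "changed.example": ["mx1.changed.example"],
    }
    for domain, exp in baselines.items():
        for line in check_mx(domain, exp, fake_resolve) or ["ok"]:
            print(domain, line)
```

Run it on a schedule against the real resolver and alert on any non-empty result; the expected-exchange list is the baseline you record while you are sure the domain is still under your control.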

@Gargron I don't understand, his hacked Twitter account is still active and doesn't look compromised:

@adidal @Gargron I guess after such a story, Twitter contacted him and gave the account back to him? Remember this is from 2014.

@adidal @Gargron The article is 5 years old... I imagine the situation was fixed in that time.

@adidal The post was published in 2014; he regained control of it afterwards.

At what point did the GoDaddy people give him the password to access the domain management? Did they give it to him over the phone? If they sent it, even in plain text, to the email, then Naoki was still in possession of the domain management (and therefore of the email). Unless they gave it over the phone (assuming the card-number thing was true), I still don't know how they learned it or were able to change it. It's also likely that I don't understand any of this :p

@xosem @Gargron It reminds me a lot of this other thing I saw recently:

Things don't add up. It almost seems more like a smear campaign against certain brands (or positive propaganda for others).

... and why do you need an e-mail account to register to a website, in the first place?
It should be an option, but not obligatory.

@Gargron Basic 2FA alone is not enough, because often it's TOTP with SMS as backup which is not secure. You should all use hardware tokens exclusively. Google provides that option.

