Just after midnight on August 11, self-professed night owl Jered Kenna was working at home in Medellin, Colombia, when he was notified the passwords had been reset on two of his email addresses.He tried to set up new passwords himself by prompting the email service to send him text messages containing a code — but they never arrived.“So I called the company to make sure I hadn’t forgotten to pay my phone bill, and they said, you don’t have a phone with us. You transferred your phone away to another company,” he says. A hacker had faked his identity and transferred his phone number from T-Mobile to a carrier called Bandwidth that was linked to a Google Voice account in the hacker’s possession. Once all the calls and messages to Kenna’s number were being routed to them, the hacker(s) then reset the passwords for Kenna’s email addresses by having the SMS codes sent to them (or, technically, to Kenna’s number, newly in their possession). Within seven minutes of being locked out of his first account, Kenna was shut out of of up to 30 others, including two banks, PayPal, two bitcoin services — and, crucially, his Windows account, which was the key to his PC.
The thieves likely already had a virus, otherwise they had no idea his hard drive contained coin.
No comments:
Post a Comment