Hackers stole Coinbase and 2FA app from a victim of the Google Fi hack


On January 1, a technologist known as regexer received an email stating that he had successfully reset his account at the cryptocurrency exchange Coinbase.

Unfortunately, and concerningly, he had not requested a password reset. Regexer, who asked to be referred to by his online alias for fear of being targeted by hackers again, quickly realised he was being hacked, and his attempts to regain control of his Coinbase account were futile.

He soon discovered that he had no cell phone service. Then, his two-factor authentication app, Authy, notified him that a new device had been added to his account. After gaining control of regexer’s cell phone service, the hackers were able to reset his passwords and intercept two-factor SMS messages. According to regexer, this allowed the hackers to take control of Authy and use the 2FA codes generated by the app.

This gave them the opportunity to break into even more regexer-owned accounts.

Regexer, unsure what to do, began changing passwords on his other important accounts, which had not yet been compromised. Then, on a whim, he toggled his iPhone’s aeroplane mode on and off. His cell phone service was eventually restored.

“I have no idea what the hell is going on. I am completely owned,” regexer told TechCrunch of the incident.

Regexer isn’t sure if turning on and off aeroplane mode is what stopped the attack, but he’s glad it did.

For weeks, regexer had no idea how he had been hacked. Then, on Monday, he received an email from his cell phone provider, Google Fi, informing him and all other customers that hackers had stolen some of their personal information, most likely as a result of the recent T-Mobile breach.

Unlike the emails sent to other customers, the email regexer received contained more detailed information about the hack he experienced weeks before. “Other data related to your Google Fi account, such as a zip code and the service/emergency address associated with your account, may also have been accessed without authorization,” read the email, which regexer shared with TechCrunch. “Additionally, on January 1, 2023, your mobile phone service was transferred from your SIM card to another SIM card for approximately 1 hour 48 minutes. The unauthorised access could have involved the use of your phone number to send and receive phone calls and text messages during the time of this temporary transfer. Despite the SIM switch, your voicemail could not be accessed. Google Fi service has been restored to your SIM card.”

Regexer stated that he spoke with two Google Fi customer service representatives in an attempt to learn more about what occurred, but neither of them told him anything. Regexer also found no evidence that his Google account, which is linked to his Google Fi account, had been compromised. It’s unclear how the hackers performed the SIM swap. Google has yet to respond to a request for comment. And it’s unclear whether or not other people were specifically targeted by hackers in the same way that regexer was.

During the attack, regexer discovered that the hackers had also taken over his Outlook email account and, in an effort to conceal their actions, deleted the emails informing him of the password reset. Even though nothing else has happened since January 1, regexer is still concerned and has asked Google for more information.

“So, unless Google sheds more light on the attack, it’s unclear how vulnerable people’s phone numbers are now.” “The main thing I’d like to know is whether I and others are still vulnerable, and if there’s anything we can do to protect ourselves. I’d like to know more about the mechanisms used for the phone number takeover because it will shed light on the level of ongoing vulnerability and defence methods, as well as whether SMS two-factor is still preferable to no two-factor at all. (I can use SMS to replace some online accounts, but not all. Many banks and other institutions only allow two-factor authentication via SMS.) I’d also like to know how many people had their phone numbers stolen as a result of the breach, and if it was a small subset, was there any reason why we were singled out?”
