I was recently the subject of a relatively sophisticated attack and I wanted to know if anyone else had run into this issue:
Basically, many years ago I worked for a company that is now defunct. During that time I was a giant moron and used my work email as an account recovery password.
Later the company became defunct, but I never removed the work email as an account recovery option. (Because I am/was a moron.)
Anyway, I got several 2FA requests from the service (many of which were in Vietnamese). I was also notified of a password reset via the forgotten credentials.
Best I can tell, the attacker used a service that tracks dropped domains, purchased my old employer's domain, and then started up an SMTP server. They then went through the password reset option until they got to my 2FA.
I understand this was only possible because of the stale credentials, but I have to admit I am kind of impressed. I am assuming they cross-referenced a data breach list with the expiring domains list. Has anyone else had this happen? What would this be called: a domain swap or something else? I have since recovered full access to that account and have removed it as a backup email, but I am still curious.
from hacking: security in practice https://ift.tt/W4nzYt5