Two - factor authentication is generally see as the dependable bet for protecting your Gmail account . But a torturous tale from indie developerGrant Blakeman , whose Instagram was cut up through Gmail , reveals how not even two - cistron authentication can beat every protection threat .
Writing on Ello , Blakeman describes how hacker gained access to his Instagram report through his Gmail . Even though he had two - factor turned on , the hackers were able-bodied to reset his Instagram password through Gmail and take control of his account ( which has since been restored ) . So how did they do it ? Blakeman say that Wired ’s Mat Honan , himself a seasoned ofan epic taxi , helped him by suggesting he tick off with his cellular phone provider .
It wrench out his act had been forwarded to a different numeral — which is how the hackers arrive at access code :
The flak actually begin with my cell phone provider , which somehow allowed some degree of access or social engineering into my Google chronicle , which then leave the hackers to obtain a watchword reset email from Instagram , give them control condition of the account .
After the postappeared on Hacker News , more details emerged about how loose it is to bypass security questions through cell providers . As commenterjasonisalive — who works for a provider — put it , avail reps often receive commissions base on client satisfaction , creating “ a incessant tension between providing a ripe client experience and protecting security department and privacy . ”
Which means a choice between upholding seclusion standard and pissing off his client . “ So where do you draw the line between client support and customer security without either enraging literal client or allowing people to lawlessly access customer account ? , ” asked another reader .
Luckily , Blakeman had the wherewithal and cognition to investigate and at long last reestablish his account . But his tale is a cautionary one : No matterhow bulletproof two - factor hallmark seems , no security measures organization is perfect . [ Hacker News ]
GmailSecurity
Daily Newsletter
Get the best technical school , science , and culture news in your inbox day by day .
News from the future , have to your nowadays .
You May Also Like
