Every time that there is a leak like this it’s infinitely aggravating how the spin department tries to downplay what happened. If you are using SMS based MFA you probably want to stop doing that now.

  • squirmy_wormy@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    11 months ago

    Isn’t the bulleted list the stuff that was lost? They say “we don’t have govt id stuff so that can’t be stolen, the CC info wasn’t affected, here’s the info that was potentially hit”

    This seems like a great email to get. They know what subsystem was hit and are telling people.

    • cybervseas@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      11 months ago

      I don’t think people understand the impact of IMEI and SIM serial being compromised. I’m not sure I fully do, either. This feels like when a mechanic gives you too much technical information that you don’t know how to process.

      • squirmy_wormy@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        11 months ago

        I definitely don’t either, but I sense that the email itself is supposed to be the infuriating part here. The scenario is mildly infuriating for sure, but the email itself is still about as good as you can get in my opinion. Quick, clear about what could be hit.

      • can@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        I was also wondering this. How often is this information available to apps/websites?

      • Alto@kbin.social
        link
        fedilink
        arrow-up
        4
        ·
        11 months ago

        People really, really hate clicking past the post, even if it’s just to a screenshot.

        Heaven forbid its an article

    • FuglyDuck@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      11 months ago

      To clarify for people wondering, SIM and IMEI information is how the system knows your phone is… your phone.

      Cloning it is supposed to be hard, but with it, they can receive 2FA messages like “Is This You? Text Y back!”.

      It’s actually super easy, if they have enough information, to convince a carrier’s customer service that they are you (remember… never work the system when you can work the people who manage it.)