
Every time that there is a leak like this, it's infinitely aggravating how the spin department tries to downplay what happened. If you are using SMS-based MFA you probably want to stop doing that now.

[-] Nighed@sffa.community 16 points 11 months ago* (last edited 11 months ago)

Edit: sorry, app didn't show the entire image by default, they DO list exactly what was lost, not a bad email tbh (although better if they didn't lose it)

Isn't it saying that they didn't have those bits so couldn't lose them?

It would have been more useful (but look worse for them!) if they just listed what was lost....

[-] squirmy_wormy@lemmy.world 15 points 11 months ago* (last edited 11 months ago)

Isn't the bulleted list the stuff that was lost? They say "we don't have govt id stuff so that can't be stolen, the CC info wasn't affected, here's the info that was potentially hit"

This seems like a great email to get. They know what subsystem was hit and are telling people.

[-] cybervseas@lemmy.world 12 points 11 months ago

I don't think people understand the impact of IMEI and SIM serial being compromised. I'm not sure I fully do, either. This feels like when a mechanic gives you too much technical information that you don't know how to process.

[-] squirmy_wormy@lemmy.world 4 points 11 months ago

I definitely don't either, but I sense that the email itself is supposed to be the infuriating part here. The scenario is mildly infuriating for sure, but the email itself is still about as good as you can get in my opinion. Quick, clear about what could be hit.

[-] can@sh.itjust.works 2 points 11 months ago

I was also wondering this. How often is this information available to apps/websites?

[-] cybervseas@lemmy.world 2 points 11 months ago

Mint is a mobile carrier so they have this information about your phone.

[-] can@sh.itjust.works 2 points 11 months ago

But is this something only carriers would normally have access to?

[-] corsicanguppy@lemmy.ca 6 points 11 months ago

I thought it was a nice tidy list too.

How is it so hard for people to read?

[-] Alto@kbin.social 4 points 11 months ago

People really, really hate clicking past the post, even if it's just to a screenshot.

Heaven forbid it's an article

[-] Nighed@sffa.community 2 points 11 months ago

My bad, app wasn't showing the entire image. I need to try the other apps.

[-] FuglyDuck@lemmy.world 4 points 11 months ago

To clarify for people wondering, SIM and IMEI information is how the system knows your phone is… your phone.

Cloning it is supposed to be hard, but with it, they can receive 2FA messages like “Is This You? Text Y back!”.

It’s actually super easy, if they have enough information, to convince a carrier’s customer service that they are you (remember… never work the system when you can work the people who manage it.)

[-] punkcoder@lemmy.world 1 points 11 months ago

Yup, and that's the infuriating part. It's not helpful or useful, it's 100% a CYA.

[-] Nighed@sffa.community 11 points 11 months ago

Your title implies they lost all the bad stuff though

[-] punkcoder@lemmy.world 1 points 11 months ago

With the IMEI and SIM card information they now have the details needed to take over MFA. I share my birthdate with people that I casually know, I try not to do that with MFA codes. Credit card details would be bad, but at this point with the number of people who have leaked it, I would be 100% surprised if you couldn't find our CC data via a Google search.

[-] stardreamer@lemmy.blahaj.zone 4 points 11 months ago

Set up TOTP NOW. Mint added proper TOTP authentication as MFA a while back that should block SMS-based MFA. Might be a good way to prevent SIM-swapping attacks.

[-] postmateDumbass@lemmy.world 1 points 11 months ago

Might work for Mint, but what about all the other accounts with other companies using MFA?

[-] stardreamer@lemmy.blahaj.zone 2 points 11 months ago* (last edited 11 months ago)

The goal here is to prevent someone from requesting a SIM replacement to unlock your other accounts, since the attacker can use the IMEI and SIM info to contact customer service. If you have MFA on your Mint account then they should ask for extra info before sending the replacement SIM, which would help with the current situation.

[-] Wxfisch@lemmy.world 5 points 11 months ago

The reality is they may not know exactly what was obtained, but they do know it wasn’t anything they don’t collect (like DOB, SSN, etc. listed in the message). Instead of looking at this purely as a CYA message, look at it as informing you as soon as they had any idea your information may have been impacted instead of waiting weeks/months to inform you. Don’t let perfect be the enemy of good.

[-] zaph@sh.itjust.works 0 points 11 months ago

Don’t let perfect be the enemy of good.

This is nice. I'ma keep it.

this post was submitted on 22 Dec 2023
126 points (91.4% liked)
