Hacker News new | ask | show | jobs
by fragsworth 3667 days ago
How can this possibly work?

Even if an attacker gets the phone code, they should still need your password to sign in. How do they get past that?
1 comments
kinofcain 3667 days ago
As ams6110 noted, it's likely not a 2-factor auth attack but rather a password reset attack.
link