Hacker News new | ask | show | jobs
by embeddedsystems 1945 days ago
I do a bunch of stuff in the gaming space, and WP has been one of the bigger causes of pain for streamers. Often separate 2FA-only - to prevent account hijacks - cellphones that are paid monthly and used nowhere else still show up, and the result is attempted murder (via swatting). This happens so frequently it's absurd.

None of this is opt in, all of it is extremely unwanted, and those companies really should not exist.
1 comments
dleslie 1945 days ago
How are the swatters getting access to the phone number if it's used nowhere else?

Disclaimer: I also work in gaming, and deal with streamer security.

link
embeddedsystems 1945 days ago
WP's site helpfully tries to show "this person's other phone numbers". My guess is it's acquired via credit institutions when you use that number for 2FA with a bank (since honestly, what the hell, virtually no bank supports U2F/TOTP 2FA and demand phone numbers, ugh)

I don't know how they match it in the backend, often it's wrong (and results in innocent parties being attacked).

I usually recommend completely prepaid lines for this to prevent hijackers from using the good old social engineering trick to hijack their accounts via customer service by providing last 4 of various identifiers. But these still eventually show up after you add the number to enough 'traditional' accounts. One of my friends (female, streamer) has gotten police at her house at 3 am with guns drawn so many times it's ridiculous. At least in many parts of, if not the entire US, trying to swat someone is legitimately trying to do your hardest to murder them.

This honestly should be made illegal, there is no reason for these services to exist, or for public records to be made available at all other than rate limited, in person without the ability to take a copy. Exceptions can be made for elected officials.

link
dleslie 1945 days ago
That's... Wow, kinda absurd.

I checked and it appears they lack Canadian data; and so perhaps I was correct in presuming that such egregious breaching of personal privacy would be troublesome up here. Or maybe WP just doesn't have the data.

FWIW, there are cheap providers of SMS over SIP, now. I have a DID through voip.ms that can send and receive SMS, and it's cheap.

link
embeddedsystems 1945 days ago
Yes, these are blocked at most services already. Definitely blocked by banks. Need short code ability to be used too.
link