Hacker News new | ask | show | jobs
by 33Backpack33 1916 days ago
When you consider SMS 2FA is often used to fix the poor or reused password problem we see it's not helping much at all but only delaying the problem.
1 comments
ryanlol 1916 days ago
That’s bullshit, nobody is going to bother with attacks like this to steal your uber or doordash account. SMS 2fa kills credential stuffing attacks for all but the highest value targets.
link
33Backpack33 1916 days ago
You do know uber and doordash accounts are hacked all the time because of password reuse? There is a huge black market for hacked accounts from doordash and the like.
link
ryanlol 1915 days ago
That’s my point. These accounts are worth a couple of dollars, nobody would spend $50 on a hacked uber or doordash account.

These accounts are only worth anything as long as they’re cheaper and easier to use than stolen credit cards.

link
33Backpack33 1915 days ago
The original VICE article said it was $16 and they can take as many accounts as they want. It seems worth it to me.
link
ryanlol 1915 days ago
Yeah, because that $16 plan is totally going to last for long after people start abusing this at scale.
link