by ozim 1839 days ago
Maybe it would make it more clear that this was not a 2FA attack.

It might be confusing, but that was an account recovery attack.

For account recovery there is no "password", as thieves just made their own password while having your phone number.

So a phone number as a password recovery option is not secure without any additional checks. Not 2FA, because with this attack there was no second factor.