Carrier was social-engineered by hacker to steal man’s two-letter Instagram name.
by Sean Gallagher - Nov 3 2014If you think the two-factor authentication offered by Google and other cloud services will keep your account out of the hands of an attacker, think again. One developer found out this weekend the hard way; Google’s account protection scheme can be bypassed by going after something most people would consider an even harder target—the user’s cell phone account.
As Wired’s Mat Honan found out two years ago, customer service representatives are the weakest link in cloud security. And mobile phone carrier customer service representatives are just as susceptible to social engineering attacks, apparently. That’s what Grant Blakeman, an independent software developer and designer, learned when he woke up to find his Google account’s password had been changed and his Instagram account—desirable because of its two-letter name (@gb)—had been hijacked despite the use of two-factor authentication on his Google account.
Full Article.