Yup and that’s the infuriating part. It’s not helpful or useful, it 100% a cya.
Comment on Don't worry, we only lost the dangerous parts... not something personal like your dob
Nighed@sffa.community 11 months ago
Isn’t it saying that they didn’t have those bits so couldn’t loose them?
It would have been more useful (but look worse for them!) If they just listed what was lost…
punkcoder@lemmy.world 11 months ago
Nighed@sffa.community 11 months ago
Your title implies they lost all the bad stuff though
punkcoder@lemmy.world 11 months ago
With the IMEI and SIM card information they now have the details needed to take over MFA. I share my birthdate with people that I casually know, I try not to do that with MFA codes. Credit card details would be bad, but at this point with the number of people who have leaked it, I would be 100% surprised if you couldn’t find our CC data via a google search.
stardreamer@lemmy.blahaj.zone 11 months ago
Setup TOTP NOW. Mint added proper TOTP authentication as MFA a while back that should block sms based MFA. Might be a good way to prevent sim swapping attacks.
Wxfisch@lemmy.world 11 months ago
The reality is they may not know exactly what was obtained, but they do know it wasn’t anything they don’t collect (like DOB, SSN, etc listed in the message). Instead of looking at this purely as a CYA message, instead looking at it as informing you as soon as they had any idea your information may have been impacted instead of waiting weeks/months to inform you. Don’t let perfect be the enemy of good.
zaph@sh.itjust.works 11 months ago
Don’t let perfect be the enemy of good.
This is nice. I’ma keep it.
squirmy_wormy@lemmy.world 11 months ago
Isn’t the bulleted list the stuff that was lost? They say “we don’t have govt id stuff so that can’t be stolen, the CC info wasn’t affected, here’s the info that was potentially hit”
This seems like a great email to get.
cybervseas@lemmy.world 11 months ago
I don’t think people understand the impact of IMEI and SIM serial being compromised. I’m not sure I fully do, either. This feels like when a mechanic gives you too much technical information that you don’t know how to process.
squirmy_wormy@lemmy.world 11 months ago
I definitely don’t either, but I sense that the email itself is supposed to be the infuriating part here. The scenario is mildly infuriating for sure, but the email itself is still about as good as you can get in my opinion. Quick, clear about what could be hit.
can@sh.itjust.works 11 months ago
I was also wondering this. How often is this information available to apps/websites?
cybervseas@lemmy.world 11 months ago
Mint is a mobile carrier so they have this information about your phone.
corsicanguppy@lemmy.ca 11 months ago
I thought it was a nice tidy list too.
How is it so hard for people to read?
Alto@kbin.social 11 months ago
People really, really hate clicking past the post, even if it's just to a screenshot.
Heaven forbid its an article
Nighed@sffa.community 11 months ago
My bad, app wasn’t showing the entire image. I need to try the other apps.
FuglyDuck@lemmy.world 11 months ago
To clarify for people wondering, SIM and IMEI information is how the system knows your phone is… your phone.
Cloning it is supposed to be hard, but with it, they can receive 2FA messages like “Is This You? Text Y back!”.
It’s actually super easy, if they have enough information, to convince a carrier’s customer service that they are you (remember… never work the system when you can work the people who manage it.)