Submitted 11 months ago by punkcoder@lemmy.world to mildlyinfuriating@lemmy.world
Every time that there is a leak like this it’s infinitely aggravating how the spin department tries to downplay what happened. If you are using SMS based MFA you probably want to stop doing that now.
Not seeing anything in my email about this one. Is it a new one or from earlier this year?
This is fresh… came in early this morning. Not sure if they got all of them or a subset.
But with name, email, phone number, and sim card serial number, it’s trivial for a scammer to do a sim swap attack …
They should replace the SIM card to all users immediately, at their expense
I think leaks should come with stiff penalty. Like the CTO goes to jail, pays each person involved for a lifetime worth of damage, and then has their head and arms locked in an old timey wooden head and hands stock lock at the center of town square where the public gets to throw rotten food at their face. No but seriously, they need to pay people affected a lot of money for potentially fucking their credit up because that’s where this kind of data goes.
Your username is alarming
Don’t you mean intriguing?
They do know that that’s exactly the information that’s behind every scam right?
Nighed@sffa.community 11 months ago
Isn’t it saying that they didn’t have those bits so couldn’t loose them?
It would have been more useful (but look worse for them!) If they just listed what was lost…
squirmy_wormy@lemmy.world 11 months ago
Isn’t the bulleted list the stuff that was lost? They say “we don’t have govt id stuff so that can’t be stolen, the CC info wasn’t affected, here’s the info that was potentially hit”
This seems like a great email to get.
cybervseas@lemmy.world 11 months ago
I don’t think people understand the impact of IMEI and SIM serial being compromised. I’m not sure I fully do, either. This feels like when a mechanic gives you too much technical information that you don’t know how to process.
corsicanguppy@lemmy.ca 11 months ago
I thought it was a nice tidy list too.
How is it so hard for people to read?
FuglyDuck@lemmy.world 10 months ago
To clarify for people wondering, SIM and IMEI information is how the system knows your phone is… your phone.
Cloning it is supposed to be hard, but with it, they can receive 2FA messages like “Is This You? Text Y back!”.
It’s actually super easy, if they have enough information, to convince a carrier’s customer service that they are you (remember… never work the system when you can work the people who manage it.)
punkcoder@lemmy.world 11 months ago
Yup and that’s the infuriating part. It’s not helpful or useful, it 100% a cya.
Nighed@sffa.community 11 months ago
Your title implies they lost all the bad stuff though
Wxfisch@lemmy.world 11 months ago
The reality is they may not know exactly what was obtained, but they do know it wasn’t anything they don’t collect (like DOB, SSN, etc listed in the message). Instead of looking at this purely as a CYA message, instead looking at it as informing you as soon as they had any idea your information may have been impacted instead of waiting weeks/months to inform you. Don’t let perfect be the enemy of good.