

Anatomy of a hack - gr2020
http://www.theverge.com/a/anatomy-of-a-hack

======
rilita
Summary of process:

1\. Used mail.com, which was apparently vulnerable to some hack that allows
resetting the password for accounts.

2\. Hacker was able to set up call forwarding for the person's phone, with only
the email address to prove identity (and perhaps information taken from
emails).

3\. Hacker was then able to reset Gmail account even with two-factor auth, by
having the two-factor number read out via voice via call forwarding.

Email is pretty much the problem here entirely. Using an insecure email host,
and having access to your email be able to access thousands of dollars worth
of bitcoins... is terrible.

Do you trust email hosts in general? I certainly don't.

~~~
smt88
Related to #1: Mail.com doesn't offer two-factor auth, which is disgraceful.

