
My Instagram Hacker Changed My Life - mcone
https://www.wired.com/story/how-my-hacker-changed-my-life/
======
raybb
This was a great story but was there ever a follow-up article? Did the hacker
get to the USA?

Also, can anyone shed some light on how hackers can keep breaking into
instagram and twitter accounts that have just been stolen? I assume they
aren't brute forcing it, how is it that the hacker in this story felt like he
couldn't keep it secure?

~~~
tyingq
The hackers could be creating an API auth token after getting the first
password. So you change the password, but the auth token is still valid. They
can't use the normal Twitter interface, but they can do whatever the API lets
them do...send tweets, etc.

------
Rjevski
Pretty nice read, and I too am curious about how these hackers manage to steal
handles, especially the part where the hacker himself admits that there are
others out there who want to steal that handle - isn't basic security (no
malware, secure email password and 2FA) sufficient?

~~~
bitmover
A hacker stole my IG account. They found my phone number then called AT&T in
the dead of night and convinced them to forward my number to a Google Voive
account. Then they contacted my web host and used the number to verify it was
“me”. From there they had everything they needed.

~~~
misiti3780
That is terrifying. How can you prevent someone from being able to do this?

~~~
tyingq
Maybe don't submit your cell phone number as your official contact? Submit a
number that is less prone to social engineering changing it, like a VoIP
provider number that has no live human support.

