RagnarokOnline@programming.dev
on 28 Mar 2024 12:39
nextcollapse
Thanks for posting — sounds like rate limiting would fix the issue
sugar_in_your_tea@sh.itjust.works
on 28 Mar 2024 16:35
collapse
It would probably mitigate it, but not solve it.
sugar_in_your_tea@sh.itjust.works
on 28 Mar 2024 16:37
collapse
Massively freaking out that someone was trying to hijack his digital life, Chris said he changed his passwords and then went to an Apple store and bought a new iPhone. From there, he created a new Apple iCloud account using a brand new email address.
Chris said he then proceeded to get even more system alerts on his new iPhone and iCloud account — all the while still sitting at the local Apple Genius Bar.
Chris told KrebsOnSecurity his Genius Bar tech was mystified about the source of the alerts, but Chris said he suspects that whatever the phishers are abusing to rapidly generate these Apple system alerts requires knowing the phone number on file for the target’s Apple account. After all, that was the only aspect of Chris’s new iPhone and iCloud account that hadn’t changed.
So all you need to initiate a password reset is your phone number? That’s not great…
threaded - newest
Thanks for posting — sounds like rate limiting would fix the issue
It would probably mitigate it, but not solve it.
So all you need to initiate a password reset is your phone number? That’s not great…