What tech security problem is likely going on, and how to fix it?
September 18, 2023 6:53 AM   Subscribe

Someone close to me is experiencing multiple calls to people in their contacts list apparently being spoofed from their phone number. Additionally, about a month prior to this, their Twitter was hacked. They are familiar with basic digital security and not to click on strange links, and say they haven't done so. What is the most likely reason for these two incidents, and how can they stop it? Additionally, what digital security measures should they take to protect themselves moving forward?
posted by corb to Technology (4 answers total) 2 users marked this as a favorite
I mean not knowing more details, I would assume that their twitter password was a reused password that leaked previously or it was a weak password, and that 2fa was not in use. Once on twitter, they could cross reference contacts and pull profile data. But that is all just guessing.

Use 2fa on any site that has it.
Use a password vault like 1Password and use unique generated passwords on each website.

Some password vaults will compare your data to known leaks and warn you to be responsible and change your password. I know Google, 1Password, and Lastpass do this. Listen to them.

GoogleOne (I think this is a feature of GoogleOne and not just normal Google but I'm not sure) has this "dark web" security scanner that will take your profile info (and your passwords if you store them with Google) and tell you what hits they find in known leaks and make recommendations. Some of them you can't really do much about unless you're willing to change your phone number or email for example. But it might explain why you get some of the spam or cold calls that you do. I know I get a lot of random ass cold calls that have got to be from a LinkedIn leak years ago.
posted by cmm at 7:53 AM on September 18

Response by poster: Sorry, so: if Twitter was hacked, they could get a list of the phone contacts without necessarily having to hack the actual phone itself? That's one of the concerns worrying my friend most, that the full phone itself is fully compromised.
posted by corb at 8:27 AM on September 18

In addition to cmm's suggestion, another way this could have happened is if their twitter account used a gmail address as the recovery address, their gmail password was weak or a reused password that leaked, and their gmail account did not use 2FA. The hack would have actually started at getting access to their gmail account which would have gotten them access to all of the information from old emails and the contact info from Google Contacts. Once they had access to the gmail account they could then have done a password reset at Twitter. A month later, whether or not the hacker still had access to the gmail account, the information scraped from the hacked gmail account could be used by the hacker to try to hack additional individuals using the information from the contact list.
posted by RichardP at 8:28 AM on September 18 [1 favorite]

If you suspect any account is hacked , best but most fiddly option is to list all known accounts and go into every one and enable 2fa, change password, and review recovery options . I use a password manager that has a security center showing me both duplicate passwords and ones that have appeared in hacker databases.

If they have never done this it is a hassle but a good exercise. Start with the accounts you use as recovery options for the others. That means change email passwords and set 2fa there first.

If you aren’t constantly bombarded by texts and emails saying “is this you?” And “ warning, sign on from new device detected “ you’re doing it wrong :-)
posted by caviar2d2 at 9:30 AM on September 18

« Older Is pet insurance worth it?   |   Calendly but free Newer »

You are not logged in, either login or create an account to post comments