Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> which is much, much worse.

This attack wouldn't have been possible if they didn't allow SMS 2FA, so I don't think that's fair to say at all.



What if the users had no 2fa at all? attackers still had their passwords and their emails, and their sms numbers




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: