bestov.io

a tech bläg

A security post-mortem & the (shamefully) flimsy security of Meta, Inc.

Andrea has a small content creation business. They’re what the youngsters call an influencer, and as such, among their equity, they possess very valuable social accounts with a valuable follower count. A few days ago, one of those accounts was hacked, using a classic vector: a stolen password, either leaked or phished, combined with 2FA phishing. This article is a post-mortem (and in a way a post-vitae), showing what we did to recover access to the account, and to secure it...