On a weekday in January, despite having multiple levels of “lock” on my cellular account, someone hijacked my SIM and phone number at 9:43 AM. I use my phone for MFA on 33 accounts. This is what happened next. THREAD:
At 9:43 AM I received an email saying a new device was registered to my number. I knew the attackers did not have access to my email or bank accounts. I was certain they could not access my MFA because I do not use SMS for MFA.
I was able to contact the cellular provider and get my SIM back within 28 minutes. None of my corporate accounts were compromised. None of my cryptoasset accounts were compromised. None of my servers or social media accounts were endangered.
We have a criminal investigation open, but it doesn’t matter what they end up finding, because my SIM is not the “weak link” in my security chain. I use Authy, with multiple backup devices, and (most importantly) “multi-device” turned off.
Anywhere you can use Google Authenticator you can use Authy. I recommend using that plus a password manager and a YubiKey. But make sure you turn off “multi-device” once you get your backups set up. Do not “trust” your cell provider. They are not trustworthy.
You can follow @RayRedacted.