A technologist known as regexer received an email stating that he had successfully reset his account at the cryptocurrency exchange Coinbase.
Worryingly, he had not requested a password reset. Regexer, who asked to be referred to by his online alias for fear of being targeted by hackers again, quickly realised he was being hacked, and his attempts to regain control of his Coinbase account were futile.
Hackers took over the Coinbase account and 2FA app of a Google Fi hack victim
He soon discovered that he had no cell phone coverage. Then his two-factor authentication app, Authy, told him that a new device had been added to his account. After gaining control of regexer’s cell phone service, the hackers were able to reset his passwords and intercept two-factor SMS messages. According to regexer, this allowed the hackers to take control of Authy and use the 2FA codes generated by the app.
This offered them the opportunity to break into even more regexer-owned accounts.
“I have no idea what the hell is going on. I am completely owned,” regexer told TechCrunch of the incident.
Regexer, unsure what to do, began changing passwords on his other critical accounts, which had not yet been stolen. Then, on a whim, he toggled his iPhone’s aeroplane mode on and off. His cell phone service was eventually restored.
Regexer isn’t sure if toggling aeroplane mode on and off is what stopped the attack, but he’s delighted it stopped.
For weeks, regexer had no idea how he had been hacked. Then, on Monday, he received an email from his cell phone provider, Google Fi, telling him and all other subscribers that hackers had taken some of their personal information, most likely as a result of the recent T-Mobile incident.
Unlike the emails sent to other customers, the email regexer received had more extensive information about the hack he experienced weeks before.
“Other data relating to your Google Fi account, such as a zip code and the service/emergency address associated with your account, may also have been accessed without authorisation,” stated the email, which regexer shared with TechCrunch. “In addition, on January 1, 2023, for about 1 hour 48 minutes, your mobile phone service was transferred from your SIM card to another SIM card. The unlawful access could have involved the use of your phone number to send and receive phone calls and text messages during the time of this temporary transfer. Despite the SIM switch, your voicemail could not be accessed. Google Fi service has been restored to your SIM card.”
Regexer said that he spoke with two Google Fi customer service representatives in an attempt to learn more about what had occurred, but neither of them told him anything. Regexer also found no sign that his Google account, which is linked to his Google Fi account, had been compromised. It’s unclear how the hackers performed the SIM switch.
Google has not yet responded to a request for comment. It is also unclear whether other people were deliberately targeted by hackers in the same way that regexer was.