This story is scarier than the top 5 horror movies combined.  This is a good opportunity to make sure that you:

- Back up your valuable data!
- Turn on two-factor authentication for your Google account (
And removed all your credit cards from your Amazon account. (And for that matter, from anyone else who stores the last four digits.)  What a fiasco.
This freaked me out! Signed up with Google 2 factor auth. Thanks #google
Unfortunately, it doesn't appear that two factor authentication would have prevented this particular attack. Instead, it used social engineering to bypass the normal authentication systems. That he had stopped backing up his data only added to the impact of the security breach.
Two factor authentication might not have been enough to prevent this attack, but it would have reduced the available vectors.

FTA: "Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m•••• Jackpot."
Sorry. I'd been slumming through the comments for so long that I'd forgotten that detail.
There are way too many details to get in one or two passes.  This article probably serves as the basis for a mini-book on personal web security. 
