Los lee cualquiera
Los SMS no están encriptados, eso significa que muchas personas pueden interceptarlos y leerlos.
Hay muchas maneras de hacerlo, y la más simple es clonando la SIM haciendo ingeniería inversa:
Cualquiera que sepa tu fecha de nacimiento, nombre y apellido y algún otro dato que pidan en una empresa de telefonía, puede pedir un chip declarando el tuyo como extraviado.
Lo hacen todo el tiempo!
Y solo hay que llamar dos veces para saber qué datos piden, desde algún número registrado de otra persona (aka novia, tía, abuela).
Por eso usar 2FA en SMS es lo mismo que no usarlo, pero no todo termina ahí.
Cada 2x3 hackean grandes bases de datos, incluso desde gobiernos:
O empresas de telefonía que eventualmente deberían ser seguras:
Así quedan muchísimas personas expuestas a quién sabe qué situaciones a futuro (!)
https://securityintelligence.com/articles/chatgpt-confirms-data-breach/
My identity was completely stolen
Western Digital had a data breach
Brecha de datos masiva afecta a 14 millones de miembros de la Asociación Americana de Abogados
Y la lista es enorme, pero te copio algo como para que tomes dimensión de la realidad
Y no te quedes con el relato de que las empresas cuidan ¿TU? seguridad.
Lista de datos robados en Australia en el 2022:
Microsoft – October 2022 Microsoft data breach exposes customers’ contact info, emails
AFP – October 2022 AFP classified documents hacked in data leak, exposing agents fighting drug cartels
Vinomofo – October 2022 Online wine seller Vinomofo hit in major data breach
Medibank – October 2022 Medibank admits personal data stolen in cyber attack Medibank Group detects cyberattack, takes several services offline as a precaution Medibank receives contact from hackers | Group requests negotiations over customer data.
Woolworths MyDeal – October 2022 Woolworths MyDeal becomes latest target of cyber attack. What information was leaked and what can you do if you’re affected? Woolworths says data of 2.2 million customers of its MyDeal website has been exposed
Optus – September 2022 Optus attack exposes customer information | Personal details of 1.1 million customers purportedly offered for sale.
Uber – September 2022 Teen hacker gets into Uber, announces data breach on chat software Uber investigating ‘cyber security incident’ after report of breach | Company forced to shut internal communications and engineering systems. Uber Investigating Massive Security Breach by Alleged Teen Hacker Uber in ‘unforgivable’ security breach
Fremantle Football Club – September 2022 Fremantle apologise for AFL data breach
TikTok – September 2022 TikTok Hacked, Denies Security Breach Allegations TikTok denies security breach after hackers claim to have records of more than a billion users
LastPass – August 2022 Password manager company LastPass reports major security breach | The company – which has more than 25 million users – says hackers stole parts of its source code and other sensitive data. LastPass was hacked, but it says no user data was compromised
DoorDash – August 2022 Aussies’ sensitive details at risk after global data breach | Popular food delivery service DoorDash is investigating whether credit card and contact details of Australians have been leaked.
Facebook – August 2022 A Facebook glitch has affected users worldwide. So, what went wrong and has there been a data breach?
WA Health – August 2022 WA Health Department apologises for monkeypox data breach of passengers on flight from Doha to Perth Nurse responsible for major monkeypox data breach in Perth Health Department under fire as personal details of monkeypox plane passengers sent out in email
Cisco – August 2022 Hackers Breach Cisco and Steal Data, But Fail to Deploy Ransomware
Twitter – August 2022 Twitter confirms personal details of millions of account holders compromised Twitter says zero-day bug leaked account data More than 5 million Twitter accounts impacted by recent data breach
University of Western Australia – August 2022 Student details, photos exposed in University of WA data breach University of Western Australia Student Details Exposed in Data Breach University of Western Australia Confirms Student Details Exposed in Data Breach University of Western Australia: Police charge man over major UWA data breach
Uber – July 2022 Uber confesses it covered up a huge data breach | Confession comes as part of DoJ settlement Uber settles with DOJ for failing to disclose breach that exposed 57 million users’ data
Perth Festival, Black Swan State Theatre Company – July 2022 Perth Festival, Black Swan Theatre and other arts organisations hit by major data breach
Victorian Government – July 2022 Students, travellers and staff exposed as Hotel Quarantine data breach revealed
Woolworths – July 2022 Woolworths denies data breach after outraged shoppers claim Everyday Rewards hacked
Marriott – July 2022 Marriott suffers yet another data breach
Mangatoon – July 2022 Millions of comic book fans have data leaked after Mangatoon breach
China Police – July 2022 Private information of more than 100 Australians exposed amid huge China police data leak
Deakin University – July 2022 Deakin University reveals breach of 47,000 students’ details | Subset targeted with smish sent via officially-used SMS channel. Data on Almost 47,000 Students Exposed in Deakin Uni Breach Hackers target Deakin Uni
Deakin Uni AMD – July 2022 AMD is investigating a serious potential data breach | An attacker claims to have stolen 450Gb of sensitive data AMD Is Investigating a Potential Data Breach Allegedly Caused by Weak Passwords
OpenSea – July 2022 OpenSea customers warned to stay on high alert for phishing attacks | OpenSea email database exposed by third party NFT giant OpenSea reports major email data breach OpenSea users’ email addresses leaked in data breach
iCare – June 2022 iCare data breach due to ‘human error’, agency says iCare launches systems review after 193,000 claimants affected by privacy breach iCare sends private details of 193,000 workers to wrong employers
Department of Home Affairs – May 2022 Hundreds of classified Home Affairs documents believed sent to unsecured address in ‘serious’ breach of security protocols
NDIS – May 2022 Sensitive NDIS health data breached in client platform hack NDIS case management system provider breached | Updated: “Large volume” of sensitive health data exposed.
Spirit Super – May 2022 Spirit Super hit by data leak, 50,000 accounts exposed 50,000 super fund members impacted by data breach
APAC – May 2022 APAC organisations fail to disclose ransomware breaches
Facebook – May 2022 Facebook’s Zuckerberg sued for data breach Mark Zuckerberg, head of Facebook-owner Meta, is being sued in the US over the Cambridge Analytica scandal that compromised the personal data of millions
South Australian Government – May 2022 More than 90,000 South Australian public servants now involved in payroll data breach
National Tertiary Education Union – May 2022 NTEU becomes victim of data breach | NTEU servers were subject to a ransomware attack, a week out from University wide-strikes
Transport for NSW – May 2022 TfNSW hit by another data breach TfNSW hit by second cyber attack in less than 18 months | Confirms authorised inspection scheme system data accessed Data breach a Transport for NSW fail
Coca-Cola – April 2022 Coca-Cola investigating potential large-scale data breach | A new threat actor claims to have stolen gigabytes of data
Panasonic – April 2022 Panasonic hit by another major cyberattack | Almost 3GB of data taken in attack on Panasonic
Block (ASX:SQ2) – April 2022 Block (ASX:SQ2) share price jumps 6% despite reporting a data breach
Warrnambool Council – March 2022 Data breach was ‘not serious’
OKTA – March 2022 Okta says third-party breach may have impacted up to 366 customers – Hackers took control of contractor’s computer Lapsus$ hackers exploited Okta supplier’s security lapses – Allegedly found spreadsheet with login credentials. Okta investigates possible data breach – May relate to third-party customer support engineer targeted in January. Okta confirms hundreds of customers could be affected by data breach – January 2022 breach could have affected hundreds of Okta customers
Microsoft – March 2022 Hackers Post Images Showing Possible Microsoft Breach – The same cybercriminal group that recently breached Nvidia briefly shares a screenshot that suggests the hackers also gained access to Bing’s source code. Microsoft Azure DevOps targeted by hackers ‘Single account’ compromise led to Microsoft’s Lapsus$ code leak – Attackers were interrupted mid-operation
Ubisoft – March 2022 Ubisoft says ‘cyber security incident’ last week shows no evidence of data breach – Ubisoft’s IT team is working with external experts to investigate the incident, which took place last week. Ubisoft fans need to change their passwords now – Ubisoft player data should still be safe
Nvidia – March 2022 Over 71,000 Nvidia accounts have personal data leaked following hack Nvidia says employee, company information leaked online after cyber attack Nvidia hackers claim they also hit Vodafone, threaten data leak
Samsung – March 2022 Samsung confirms data breach after hackers leak internal source code Hacking group allegedly leaks 190GB of data from Samsung Nvidia hackers hit Samsung and leak huge data dump Samsung hit by major data breach — Galaxy device source code stolen Samsung Galaxy source code targeted by Lapsus$ Samsung confirms hack: is your TV or smartphone at risk?
Toyota Motor – March 2022 Toyota suspends domestic factory operations after suspected cyber attack | 13,000 vehicles held up after supplier hacked
NSW Government – February 2022 Sensitive addresses among more than 500,000 leaked from NSW Government database NSW nurses strike as data breach defended Sensitive business addresses among 500,000 published in COVID data breach
News Corp – February 2022 News Corp reports cyber data breach News Corp reports cyber data breach Chinese hackers believed to be behind News Corp data breach
Red Cross Australia – January 2022 Locations and contact data on 515,000 vulnerable people stolen in Red Cross data breach Australian Red Cross clients potentially caught up in international cyber attack Red Cross cyberattack sees data of thousands at-risk people stolen Red Cross Cyber Attack Exposes Data of 515,000 Vulnerable People Australian Red Cross warns clients of potential security breach Aussie Red Cross flags potential cyber breach Australian Red Cross clients potentially caught up in international cyber attack Red Cross hackers exploited Zoho vulnerability to gain entry | Accessed case files of 515,000 vulnerable people held in encrypted database
TfNSW (Accellion) – January 2022 TfNSW finds more customers, employees impacted by Accellion breach
FlexBooker – January 2022 Scheduling Platform FlexBooker Discloses Data Breach Affecting 3.7 Million Accounts
Bunnings – January 2022 Bunnings private customer data exposed in data breach Bunnings Customer Data Breached Bunnings Confirms Some Customer Data Is Caught up in FlexBooker Breach Bunnings stresses little risk to customers from FlexBooker data leak Bunnings’ drive and collect customer data caught up in FlexBooker security breach on Amazon cloud Bunnings shoppers’ personal information potentially exposed to data security breach Bunnings customers caught up in international data breach
Incluso le roban datos a una empres que curiosamente vende seguridad y privacidad:
Te obligan a usar celular para controlarte
Porque no necesitas “tokens de seguridad” sino encriptar tu información.
Te piden usar dispositivos móviles para vender, pero además de eso, para vigilarte activamente.
Conociendo tu dirección IP y/o MAC, y sumando tus SMS, saben todo lo que haces, dónde estás y por dónde te mueves.
Tal vez no te moleste que el Estado sepa todo de vos, pero ahí arriba leíste que pueden hackear servidores oficiales y hasta eventualmente secuestrarte.
Suena terrible y muy lejano, verdad?
Imagina si el mundo sigue como viene, y alguien descubre todo lo que tienes, por qué calles transitas y que te logueas cotidianamente en exchanges.
Rompemos el riesgo (disminuyendolo)
Y de la misma manera en la que no tenemos 15 shitcoins e invertimos a consciencia, dejamos de usar lo que nos regala ante instituciones y criminales.
Los SMS siempre fueron y serán inseguros. Entonces elegimos usarlos pero de manera temporal y anónima.
Servicios para SMS anónimos
Luego de haber usado SMS4Sats, noté que es MUY de nicho, y ese nicho es bitcoiner.
Bitcoin no se caracteriza por ser privado y Lightning Network no es seguro. Entonces lo dejé de usar, porque al mismo tiempo dejó de funcionar.
Cuando intenté registrarme nuevamente en un servicio que uso sin regalar mis datos, noté que ya no jalaba más.
Así llegué a SMSPool, que acepta XMR, reconoce muchísimos servicios (Microsoft, Discord, Telegram, Mercado Libre, OpenAI) y es super económico.
Pagué USD 0.25 para validar un nuevo número en OpenAI y así usar un nuevo trial
https://smspool.net/?refferal=PjqGYp2gRn
Va con referido, uso varios números para los servicios que usamos en Criptonautas.
Tips importantes de uso
- Desde ventana incógnito en Firefox.
- Usando VPN y cambiando antes y después de entrar a las webs.
- Usando alias de e-mails temporales y verificando desde Thunderbird o algún cliente que bloquee trackers.
- Sin tipear tus datos (nombre, apellido, etc).
Alternativas a SMS4Pool
Su servicio es excelente, rápido, confiable y muy seguro. Puedes usar alias en tu e-mail desde Duckduckgo (e incluso registrarte sin e-mail).
Pero si por alguna razón no funciona, tienes varias opciones (porque siempre las hay):
https://blog.makeinfo.co/free-text-message-verification
