Hacked

72 points by lumpa, about 1 year ago

6 comments

paulgb, about 1 year ago
So it seems the vector here was a URL that showed up in the address bar gave the attacker the ability to change the account password. Any theories on how that works?

A password reset URL would do this, but presumably the attacker wasn’t counting on the user forgetting their password (unless they had a way to force it?) And a usual “magic link” wouldn’t authorize the user to reset a password without confirmation to the original email, I would think?

I wonder if it was not a URL, but an OTP code that was visible on screen by showing up in a notification.
wrsh07, about 1 year ago
I love the lord of the rings / phone metaphor
JohnMakin, about 1 year ago
“I just need to see your screen” got a solid laugh from me
turboaspie, about 1 year ago
If I received an email from a legitimate representative of the Tim Ferriss show I'd be more likely to suspect a scam than if I received a typical phishing email.
k8svet, about 1 year ago
There's always a slow excuse build-up before the presentation of the folly. I rarely find it convincing. Not least of all, here.

That it was Tim Ferriss makes this almost feel like satire. :/

Android makes it pretty easy to completely invert the control here. My phone does not make noise, does not vibrate, and does not show notifications on the top bar. I see them when I'm ready to see them. Unless of course I've excepted them (certain apps, or even specific WhatsApp convos, etc) from this, and given them priority, for truly important things.
Freak_NL, about 1 year ago
> If anyone knows Mark Zuckerberg, please tell him to return our account Facebook Account, please.

I'm surprised no one at Meta fixed this yet. The Perry Bible Fellowship is a really established web comic.