
And apparently the phishing attack phished both password and 2FA for getting into the intranet. So whatever 2FA they used internally didn't help.


Yeah, but every crisis is an opportunity and this is an opportunity to scare people into coughing up PII that advertisers love so much.


TOTP doesn’t expose PII.


True, but the email required to enable it (arguably) is.

Reddit is far from the worst offender in this area. I should have specified my opinion as a more general one.


Most sites don't let you register at all without an email.



