Patrick Seemann on Nostr: npub1h4u9t…ccnpk based on ...
npub1h4u9t4zqcp8w3gkfzyfwrmqxehrj807gshkkjkyq5j9nnqaq0qkqmccnpk (npub1h4u…cnpk) based on https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/, but that one doesn’t have more details.
2FA codes and password reset links *usually* are only valid for a short period of time, so finding a database with old codes/links most likely doesn’t pose a risk. A bad actor monitoring the DB in realtime probably would have been able to reset passwords and (depending on the design of the password reset screen) take over accounts.
2FA codes and password reset links *usually* are only valid for a short period of time, so finding a database with old codes/links most likely doesn’t pose a risk. A bad actor monitoring the DB in realtime probably would have been able to reset passwords and (depending on the design of the password reset screen) take over accounts.