It's scary how dependent I've become on technology & infrastructure. Let's both try to do a few things in 2023 to make ourselves less dependent so we can survive it all suddenly disappearing. We don't have to be a full-blown prepper but let's make sure we have the basics 🙏
The recent @LastPass hack has really opened my eyes learning a hard lesson watching someone I don't know from a country I've never been to lock me out of my money, ability to work, investments, communication in just a few moments & I felt completely powerless to do anything.
What happens when you try to buy food or medicine and get arrested for fake ID & identity theft when you're the real person? What if you can't get into your own home because your biometric lock says 'no'? We're becoming way too dependent on technology that is very vulnerable.
I think it's important that we all make sure we have physical access to enough resources 24/7 to survive breaches in this infrastructure allowing us time to recover. Also make sure you have access to physical documents like ID, SS card, birth certificate, etc. It's critical!
When you get hacked and have your identity stolen & get locked out of everything, you're only chance at getting it back is to prove that you're the true owner of everything that taken. That's harder than you think if the hack is through and involves identity theft.
This hack has been an expensive lesson but a very informative one that I hope to spin into a positive helping others avoid this type of thing or recover from it as quickly as possible if it happens to them. I got complacent thinking I was secure & realized quickly that nobody is.
So, do me a favor and make sure you always have access to some physical cash, physical offline ID documents, food, water, medication & other essentials you can't easily do without for at least a week. Also, don't place your security in the hands of others like password managers.
I trusted @GoTo@LastPass when they said their encryption couldn't be broken & their 2FA authentication would prevent anyone from accessing my data without a master password, biometrics or physical access to my smart phone. Big surprise, they lied 🤦♂️
The truth is none of these companies can make any such guarantees since nobody at the company knows every single line of code in the product or every single log & database entry created by their software directly or indirectly. All it takes is one oversight or screw up & boom 🤯
No matter how much encryption they use, if the password or something that bypasses it exists in any way shape or form it's just a matter of time before a hacker gains access to it through social engineering or exploiting flaws in code & now they have everything you put in there.
LastPass for instance has "Secure Storage" for your Social Security #, Drivers License, Credit Cards, Bank Information, etc. Basically, everything someone needs to become you or take everything away from you. Unfortunately, LastPass leaked the database so 2FA couldn't protect me!
And not only did they leak the database, but they also leaked password hashes, salts, source, personal information, source code, encryption keys, etc. And truth is they are still finding new stuff the attackers got only after they used it to hurt people like me & that sucks!
This attack could have happened to any other password manager though since it was ultimately human error that leads to the escalation of access from the attacker, and they looted everything before they even noticed they were breached. That's how it usually happens, stealthy.
LastPass honestly didn't even know they were breached until they found their own data on the Dark Web which is crazy. How many other people are running around collecting data that haven't tipped off the companies yet? Remember the solar winds attack? What about back doors? 🤔
The only thing that can improve your security is not trusting anyone else with it. Use different usernames & passwords on every site. Make sure you never keep around 2FA backup keys or TOTP pass phrases. Print them on paper & store them securely & never entrust password managers!
Also make sure that every single email account you own has 2FA configured using both an alternate email address for password recovery that isn't known publicly using different password and different 2FA auth. This ensures if it does get hacked you can get it back quickly!
The truth is you can't guarantee you won't get hacked. But you can make it so damn difficult that it's not worth the hacker's time and in the event, it is worth their time you can make it possible for you to recover the account quickly from them. Also, don't store ID info online!
I made the mistake of trusting @LastPass and put everything in their & the attackers got it all. I never so much as got a single SMS message with 2FA attempt to enter my account because they utilized leaked 2FA recovery keys stored in the leaked LastPass database. 🥷
Also, to add insult to injury they managed to lock me out of LastPass so I couldn't even get in because the 2FA backup code they used to allow them to do it silently without me being contacted. They wanted to ensure I couldn't use it to try & login while they plundered.
It was only dumb luck that I had biometrics enabled on my iPhone LastPass app and it was still trusted so I was able to login with my face. That allowed me to lock them out and spin the LastPass 2FA keys so I could start going through & changing passwords as quickly as I could.
Also, during this whole thing @LastPass was ignoring my requests to lock down the account via DM on Twitter which was very frustrating to say the least. Had I not got control of that account back I wouldn't have been able to login to anything else to recover & change creds.
I felt so powerless seeing an Elon Musk crypto scam live stream running on my YouTube channel to my 840k subscribers & I had no way to reach them. It was one of the worst feelings I've ever had. I had to frantically work to get my own channel flagged into the dirt on Twitter.
And the only reason I had Twitter access still was because I never put the 2FA backup codes in LastPass for Twitter so they couldn't bypass 2FA but they didn't attempt to try and change the password unsuccessfully. Had I lost Twitter I couldn't have reached anyone about the hack.
Ultimately, I had to use Twitter to get @TeamYouTube to notice what was going down & work with them to get my email back after 2 days & get back most of my YouTube channel in 7 days but it took literally days to get the videos set public again and deal with bugs & fallout.
If you made it this far reading this massive thread, I want your takeaway to be that you should never place convenience over security. Also, never leave your wallet next to your car keys. Spread out your security & make it difficult for a hacker to get in or stay in 🙏 #Security
If you want extra credit, DM the person they claim will help you recover your account & mess with them while also reporting that account also 😎 If you get that boss account deleted then all the past bot tweets are invalid & they lose touch with all current victims! 👍 #ScamBait
If you end up getting a scammer to engage, please screen shot it & tag me 🙏 I want to start showing people how angry these scammers get so hopefully they will also get involved in #ScamBaiting to turn an attempt to victimize someone into entertainment for the masses 🍿 #Scammers
• • •
Missing some Tweet in this thread? You can try to
force a refresh
According to @GoTo the makers of @LastPass they don't store peoples credit card information, bank information, social security numbers or any other personal data so people shouldn't worry about identity theft from the breach 🤔
Also, at no point did @Goto or @LastPass contact me even though I'm one of the "small number of people impacted" they talk about in their response 🤬 Hell, they couldn't even help me recover my account back from the attackers. I was lucky enough to have an iPhone with FaceID 🙏
I hope you guys all retweet the hell out of this story and everything you see about it. @LastPass is despicable and now they are even trying to charge free account holders to upgrade to pro in order to get features to help them recover from the breach they caused themselves!
I always get a little excited when I convince #ChatGPT to do something it normally refuses to do 🏆
It wouldn't make me an email list of common names, but it would make a list of names with extra stuff added on the end on subsequent prompts 😉 #OpenAI#gpt3
PS: None of those email addresses are real so far as I know. They are just different permutations based on input to ChatGPT 🤣 So if you think somehow you're going to reach any of those people you're dreaming. But you might find a scammer camped out on their name 🍿
🔥 Had @LastPass not leaked their entire password database I would be safe right now even if attackers has my real password. They claim this is a “feature” that makes them extra secure. This is on them but I was dumb enough to believe they could keep their data & source safe 🔥
Remember when CAPTCHA was billed to us as free cutting edge bot detection when in reality we were all training Google Maps to read street signs & OACR for digitizing books & optimizing search? 🤔
If something is free then you’re ALWAYS the product 😎 #OpenAI#ChatGPT#AI
However this time they trained the heck out of the model to give it a solid foundation before allowing the public’s to start poisoning it. And now adoption is so high that good information outweighs bad information & it’s still being curated & hand held to gravitate towards truth
I don’t know how any other company will be able to catch up with @OpenAI and @Microsoft are so far ahead. But I look forward to seeing other companies try and they will have to now. They have no choice at this point since conventional search is garbage now by comparison.
I absolutely love #ChatGPT and think it is one of the biggest leaps forward in technology we have seen in our lifetimes revolutionizing how quickly we can acquire & apply knowledge.
That's why it sucks that @Microsoft basically controls it since it can't exist without @Azure 🤣
So, enjoy these early days of the technology where it's the wild wild west and you can still get some truly unique experiences with it because once it's a retail product it will have its wings clipped for anything that would enable someone to develop their own AI or rival MS.
Microsoft really needs to keep their foot on this technology and make sure it isn't replicated by anyone else. Remember, the code isn't what makes this product special, it's the training & dataset which is all empowered by the 2nd largest datacenter in the world @Azure.