
Off topic.

Last week wife got an email that her Facebook was logged into. Told her to open app and change password immediately.

Too late. Account email and phone number already changed. No way to use old ones to get control back.

15 year old account with a huge amount of memories gone.

Best possible was to indicate a problem, so account is disabled. But no way to use it anymore.

Apparently this has happened to around half of her cohorts. It’s now part of life to just make new accounts periodically.

Utterly shocking that account email and phone can be changed in 20 minutes and no way to change them back.



A teaching moment for using strong passwords.


That’s missing the point. And frankly victim blaming.

Allowing all the security info to be changed moments after logging on with no way to put them back is absurd.


The reverse compromise, where the email is hacked, would require exactly that though. It's not a problem with one solution. It's many problems that require a human point of contact.


It's actually a moment for 2FA.

Also the other commenter is right about victim blaming. The notification about a suspicious login should give appropriate options to safeguard one's account from a takeover.



