
A simple social recovery method of 3 contacts approving could lead to mass takeovers if the attacker gets hold of multiple accounts. Often, a group of, say, 3 attacker-controlled accounts doesn't just have one friend in common but multiple. As long as the graph is 3-connected and the attacker starts out with a group of accounts that can take over one more account, the attacker can take over the entire graph.


There are ways around this. Just having each account only able to do the verification thing occasionally, and resetting that timer when it's done on your account, makes this a very slow process that manual intervention should be able to thwart.
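The cascade in the first comment and the cooldown mitigation in the second, simulated on a small constructed contact graph. This is an added example, not code from the thread or from any recovery scheme it discusses; the graph (a 3-tree, which is 3-connected), the threshold of 3 approvers, the greedy attacker and the cooldown measured in rounds are all assumptions made for the illustration.

```python
"""Added example: threshold-3 social recovery takeover, unthrottled vs. throttled.
The contact graph, threshold and cooldown values are assumptions."""


def build_graph(edges):
    """Undirected contact graph as {account: set(contacts)}."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


# Constructed 3-tree on 10 accounts: 0, 1, 2 form a triangle and every later
# account i is a contact of i-1, i-2 and i-3.  A 3-tree is 3-connected, and
# every account past the triangle has exactly three earlier contacts, which is
# the shape the comment warns about.
CONTACT_EDGES = [(0, 1), (0, 2), (1, 2)] + [
    (i, j) for i in range(3, 10) for j in (i - 1, i - 2, i - 3)
]
CONTACT_GRAPH = build_graph(CONTACT_EDGES)


def takeover_cascade(graph, seed, threshold=3):
    """Unthrottled recovery: an account falls as soon as `threshold` of its
    contacts are attacker-controlled (bootstrap percolation).  Returns the
    accounts in the order they fall, seed first.  If the seed cannot take
    over even one more account, the cascade never starts."""
    owned = set(seed)
    order = sorted(seed)
    progress = True
    while progress:
        progress = False
        for account in sorted(graph):
            if account in owned:
                continue
            if len(graph[account] & owned) >= threshold:
                owned.add(account)
                order.append(account)
                progress = True
    return order


def rounds_to_full_takeover(graph, seed, threshold=3, cooldown=3, max_rounds=1000):
    """Throttled recovery (assumed model of the second comment): an account that
    approves a recovery, or that was itself just recovered, cannot approve again
    for `cooldown` rounds.  The attacker greedily recovers every account it can
    each round.  Returns the round in which the last account fell, or None if
    the graph is not fully taken over within `max_rounds`."""
    owned = set(seed)
    busy_until = {a: 0 for a in seed}  # round at which the account may approve again
    for t in range(max_rounds):
        used = set()  # approvers already spent in this round
        for target in sorted(graph):
            if target in owned:
                continue
            approvers = [c for c in sorted(graph[target] & owned)
                         if busy_until[c] <= t and c not in used]
            if len(approvers) < threshold:
                continue
            for c in approvers[:threshold]:
                used.add(c)
                busy_until[c] = t + cooldown
            owned.add(target)
            busy_until[target] = t + cooldown  # timer reset on the recovered account
        if len(owned) == len(graph):
            return t
    return None


if __name__ == "__main__":
    print("unthrottled, seed {0,1,2}:", takeover_cascade(CONTACT_GRAPH, {0, 1, 2}))
    print("unthrottled, seed {0,1}:  ", takeover_cascade(CONTACT_GRAPH, {0, 1}))
    for cd in (1, 3):
        print(f"cooldown={cd}: full takeover in round",
              rounds_to_full_takeover(CONTACT_GRAPH, {0, 1, 2}, cooldown=cd))
```

With three seed accounts that share a contact, the unthrottled cascade rolls through all ten accounts in a single pass, while a seed of two accounts never reaches the threshold on anyone and stops at once. With the cooldown in place the same attacker gets one account every `cooldown` rounds, so a cooldown of three rounds stretches the seven remaining takeovers out to round 18; in a real deployment that is the window in which alerting on unusual recovery volume or manual review can intervene.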



