One has to wonder about sustaining access to a compromised account. Twitter in m... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		blindm on Aug 23, 2020 \| parent \| context \| favorite \| on: Finding vulnerable Twitter accounts with expired d... One has to wonder about sustaining access to a compromised account. Twitter in my experience has been very aggressive in asking to verify my account with a phone number when logging in from shady locations / with a VPN. What if you get access to an account using the method described in the article, but then days later get locked out due to suspicious-looking behavior / you don't have access to the phone number used to register the account?

paulpauper on Aug 23, 2020 [–]

you would remove the phone number after logging in. if it asks for the phone when longing in initially , then you are SOL. to prevent this, the hacker would make sure the location of the account matches the country of the IP longing in.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact