Account was compromised, questions about how they got past 2fa
This morning my account was compromised once my email provider was hacked. They were able to request a change pw link and get in / change my PW. How is this possible with out the 2fa key?
Another question is… I locked my account instantly after getting the you PW has changed email, changed PW, and am in the process of unlocking it but is there anything I can do to see if my assets are safe? Sent in my ID and Unlock request… going to be a long 7 – 10 busniess days if I cant get any peace of mind…
Did you happen to have your ~~private keys~~ recovery phrase saved in any digital format? 2FA won’t do anything to stop someone who has access to your ~~private keys~~ recovery phrase. This is why it’s so important to write them down/print them and never save them on a computer.
Edit: I misspoke. I meant “Recovery Phrase”
You need 2fa on your email as well.
Maybe they did social engineering by making a replica of your IDs and telling the company they lost their phone, and the 2fa also. My friend could bypass the 2fa on his own account by showing IDs to Binance support.
You have gmail? If so, that’s how they got your 2fa if using google Authenticator.
good time to hodl