-
“The intent was to make funny tweets, as Matt Walsh likes to ‘trigger’ people,” said Doomed, who declined to provide his real name. “We caused no financial harm, threatened anyone, [nor] ruined anything.” It was merely, he says, “a few silly words on social media.”
-
A pinned tweet on Walsh’s profile, which was suspended a few hours after the hacks began, read: “My Pronouns Are That/N***a.”
-
The hack was accomplished, Doomed says, using a technique known as SIM swapping. The attack typically involves hackers tricking a cellular provider into switching a victim’s phone number to a SIM card the hackers control, rather than the one in the victim’s phone. Doomed, however, claims Walsh’s phone was compromised with the help of an “insider.”
Like I was saying, someone at the phone company did it.
-
In addition to his Twitter account, Walsh’s Google and Microsoft accounts appeared to have been compromised, granting Doomed unfettered access to the right-wing host’s private emails.
-
Several screenshots were provided as proof of the intrusion, including an apparent copy of Walsh’s W2 tax form, which lists his employer as Bentkey Services, LLC, the publisher of the Daily Wire.
-
Other images included a direct message on Twitter from Shapiro from 2017; emails between Walsh and the conservative commentator Steven Crowder, host of the Louder with Crowder podcast, dated March 2014; and a photo of Walsh holding up a paper dated November 2020—apparently used to authenticate some type of accompanying message.
-
The hacker, who acknowledged he was merely “bored” and felt like “stirring up some drama,” also used Walsh's account to plug what he called a “silly ironic LGBTQ rap song” written by a friend. One tweet read: “I Ain’t A Gangsta, I’ma Sassy Shoota.”
-
Likely to the chagrin of Walsh’s online detractors, Doomed says he has no plans to continue plaguing the self-described “fascist,” telling WIRED that he’s already signed out of Walsh’s accounts and has even tried returning his access.
he's back: https://twitter.com/MattWalshBlog/status/1648819856773357568
And once again: DO NOT USE YOUR PHONE FOR 2 FACTOR AUTHENTICATION! This has to be emphasized, your phone is not a safe 2FA and never will be. Not just because of this but in general if you have someone who can do social engineering really well they can get your SIM and you are fucked. The only way to be 100% secure(for now, who knows what happens next) is a hardware key. They are a hassle but a lot more secure. Also maybe think about using a password manager with a strong PW and just get random PWs for everything.
SIM swapping doesn't transfer application data, so the various software OTP applications have some utility left.
I specifically meant SMS authentication, should've said that though, lol. My bad
Yes, software for that is also still fine, the most secure still is IMHO a hardware key just because it's so versatile in where it can be used. I am kinda unhappy with how some still only provide SMS.