Saw a video of a youtuber that got his account overtaken which has 2fa enabled (not sure which method but I’m thinking sms). He says he didn’t get phished, downloaded anything and his session cookies weren’t stolen and I believe him. The only clue is that he received a sms otp from google but was invalid when he inputted it which let’s me to believe he relied on SMS for 2fa in the first place. My theory is he reused passwords and his number was overtaken but I’m not sure if that’s the case since he did receive the google otp so that leaves out the common phone rep social engineering methods of porting out and fowarding. What else could it be? My paranoia is kinda acting up
Tldr: A YouTuber’s account was hacked despite having 2FA. While unsure of the exact method, potential factors include relying on SMS OTP and the possibility of password reuse. No session cookies were stolen, nothing downloaded and no links clicked
Edit for timestamp: its kinda difficult since he jumps around a lot but he begins to talk about it around the 2min 30sec mark and stops at around the 6min mark
If he wasn’t trying to log in then how did he have anywhere to input a 2FA code? If he was trying to log in its possible that his PC was compromised by malware and he got his credentials + 2FA stolen by EvilProxy
Edit: checked out a bit of the video for context. It sure sounds like that it was probably bad 2FA set up. Does Google still support security questions? If he’s had partner for a decade then surely security questions were set up as a second factor. I don’t know if they are still supported though