Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.
Fuck but I do have totp already enabled should I just change my password?
Edit: my paranoia got to me I’m gonna just reset my totp seeds and change my password. Some of the info was fake so that’ll protect me a bit. Guess that’s the best you can do for now
Edit 2: they made it a pain in the ass to change your password apparently now they favor only 20 characters max (rip my 35 character password). A nice warning on their website would’ve been really helpful
Edit 2: they made it a pain in the ass to change your password apparently now they favor only 20 characters max (rip my 35 character password).
That just screams they’re not storing passwords properly. If you’re salt+hashing your passwords, they could throw Hamlet into the password field and the only limit is how big the text entry field can be. The output is a fixed length string, so I put length should be immaterial.
Fuck but I do have totp already enabled should I just change my password?
Edit: my paranoia got to me I’m gonna just reset my totp seeds and change my password. Some of the info was fake so that’ll protect me a bit. Guess that’s the best you can do for now
Edit 2: they made it a pain in the ass to change your password apparently now they favor only 20 characters max (rip my 35 character password). A nice warning on their website would’ve been really helpful
That just screams they’re not storing passwords properly. If you’re salt+hashing your passwords, they could throw Hamlet into the password field and the only limit is how big the text entry field can be. The output is a fixed length string, so I put length should be immaterial.