Two-factor authentication is generally seen as the safest bet for protecting your Gmail account. But a harrowing tale from indie developer Grant Blakeman, whose Instagram was hacked through Gmail, reveals how not even two-factor authentication can beat every security threat.
"The attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account."
After the post appeared on Hacker News, more details emerged about how easy it is to bypass security questions through cell providers. As commenter jasonisalive—who works for a provider—put it, service reps often receive commissions based on customer satisfaction, creating "aconstant tension between providing a good customer experience and protecting security and privacy."
Which means a choice between upholding privacy standards and pissing off his customers. "So where do you draw the line between customer support and customer security without either enraging real customers or allowing people to illegally access customer accounts?," asked another reader.