
How Airtel Security Flaw Led To Epic Hacking - Webmasters (4) - Nairaland


Re: How Airtel Security Flaw Led To Epic Hacking by joguonu: 8:46am On Aug 03, 2013
Don't use Airtel to cover up his flops. How can he be using one password for every site? That was how he was phished...
Re: How Airtel Security Flaw Led To Epic Hacking by hammedkola(m): 9:30am On Aug 03, 2013
I believe this is just a media cover-up... The fact is Naijaloaded was hacked by people that had scores to settle with Azeez, and has been restored by whoever.
Re: How Airtel Security Flaw Led To Epic Hacking by Nobody: 10:10am On Aug 03, 2013
Slyr0x: In the space of one hour, the entire webmaster board was overloaded with several threads titled " got hacked". On checking one of the threads, I hurriedly fired up my browser, checked the Naijaloaded site and poof, I had a defaced webpage before me.

Next thing I did was to send Naijaloaded's owner a mail informing him of the hack which he then replied to this morning saying "They Swapped my SIM, Used the Forgot Password Features and Yahoo Sent the Guy my Code, he then Changed my Yahoo Password and Requested for a Password Changing Note from my Domain Registrar, Then he finally Changed my DNS".

At first, I didn't understand the swapping part. So I fired up my browser again and started crawling through webpages with the dork "Airtel Nigeria instant swap". After much crawling, I learnt that to swap your Airtel SIM (i.e. to hijack another person's Airtel SIM), all you need is

1. An Airtel swap SIM which goes for just N300 and offered for sale here
2. Four (4) most dialled numbers
3. The serial number on the new Airtel swap SIM

...and in 20 minutes max, the new SIM will be ready.

That easy yeah?!

After the "hacker" swapped Naijaloaded's owner's SIM, he went on to use Yahoo's Forgot Password feature, and Yahoo then sent the hacker a code (to the swapped SIM). He then changed the Yahoo password, after which the hacker requested a Password Changing Note from the Domain Registrar and ended up changing 's DNS.

A brilliant social engineering attack it was!

This clearly exposes vital security flaws in several customer service systems.

All a malicious person needs to know to hijack your SIM is your 4 most dialled numbers (your dad, mom, girlfriend, line manager, direct subordinate, etc).

You know what this means? You can directly intercept that scheduled business call by hijacking that Big Oga's sim.

The guy that perpetrated this act not only digitally hacked the owner but they socially hacked him too as he could receive calls on his behalf.

It's quite upsetting that the ecosystem that we've placed so much of our trust in (in this case Airtel) has let some of us down so thoroughly.

Even online Internet banking can be easily compromised... Call the customer care line, tell them you forgot your internet banking password, they will then ask 2/3 questions: (1) Your Date of Birth (2) Your Account number (3) Your Phone number and poof... you have them reeling out all the info you need (another story for another day)

Social Engineering, albeit a new one in the Nigerian space, is here to stay... Folks, Are You Ready?
On the GTB internet portal there is the secret question and token test.

1 Like
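
Added example, not part of the thread or any poster's code: a small Python model of the recovery chain described in the quoted post (SIM, then mailbox, then registrar, then DNS), showing which accounts fall when one asset is lost. The asset names and the hardened configuration (a `totp_device` required alongside the SMS code) are assumptions for illustration.

```python
from typing import Dict, FrozenSet, List, Set

# asset -> alternative recovery paths; a path is the set of assets that
# must all be controlled to take the asset over. Names are hypothetical.
RecoveryMap = Dict[str, List[FrozenSet[str]]]

# Constructed model of the chain in the post: an SMS code alone resets the
# mailbox, the mailbox alone resets the registrar login, the registrar
# login controls DNS.
SMS_ONLY: RecoveryMap = {
    "mailbox": [frozenset({"sim"})],
    "registrar": [frozenset({"mailbox"})],
    "dns": [frozenset({"registrar"})],
}

# Assumed hardening: recovery also needs an authenticator device that is
# not tied to the phone number.
WITH_SECOND_FACTOR: RecoveryMap = {
    "mailbox": [frozenset({"sim", "totp_device"})],
    "registrar": [frozenset({"mailbox", "totp_device"})],
    "dns": [frozenset({"registrar"})],
}


def takeover_order(recovery: RecoveryMap, lost: Set[str]) -> List[str]:
    """Assets that fall, in order, once everything in `lost` is controlled."""
    controlled = set(lost)
    fallen: List[str] = []
    progressed = True
    while progressed:  # fixed point: stop when a full pass adds nothing
        progressed = False
        for asset, paths in recovery.items():
            if asset in controlled:
                continue
            # One satisfied path is enough; every asset in it must be held.
            if any(path and path <= controlled for path in paths):
                controlled.add(asset)
                fallen.append(asset)
                progressed = True
    return fallen


def single_points_of_failure(recovery: RecoveryMap, target: str) -> List[str]:
    """Base assets whose loss alone is enough to reach `target`."""
    base = {a for paths in recovery.values() for p in paths for a in p}
    base -= set(recovery)  # keep only assets that are not themselves recoverable
    return sorted(a for a in base if target in takeover_order(recovery, {a}))


if __name__ == "__main__":
    print(takeover_order(SMS_ONLY, {"sim"}))
    print(single_points_of_failure(WITH_SECOND_FACTOR, "dns"))
```

Listing your own accounts in this form makes it visible when a phone number is the only thing standing between an attacker and a domain.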

Re: How Airtel Security Flaw Led To Epic Hacking by Pins(m): 11:11am On Aug 03, 2013
adeaugustus: Social Engineering does not require any knowledge of computer programming, all you need is the right information from the right people. Makes me remember the guy that hacked Amazon and PayPal and stole credit card details.
Actually, advanced social engineering attacks require you to learn programming to get the info you need. This is actually a small attack, but if you are going for heavy attacks you require programming; an example of such social engineering attacks that require programming is a phishing webpage. @slyrox you are a very nice guy, just keep it up, thanks.
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 3:09pm On Aug 03, 2013
dripstoil:

Just calm yourself down, that's the best way to learn, you can't be doing the wrong thing and still claim to be doing it right. To reset password using phone is as simple as ABC - Just the code and nothing else! No further question after that. Once you receive the SMS and enter it correctly, the deal is done. If you give me your phone for just five minutes I can hack your email and anything associated with it, or will you try?
Lol. No, thank U.
Re: How Airtel Security Flaw Led To Epic Hacking by funkymedina: 4:02pm On Aug 03, 2013
Na wa for the original post. You gave too much information plus a link to where to swap SIM sef. Jeez! Now more idiots now know how to do it thanks to YOU!

But then looking at your signature you're drumming up business for yourself... are you sure you're not the hacker and solver of hack at the same time? Cause the details you gave boggle my mind
Re: How Airtel Security Flaw Led To Epic Hacking by sylve11: 9:49pm On Aug 03, 2013
Na wa o.
Re: How Airtel Security Flaw Led To Epic Hacking by onajo2000(m): 11:48pm On Aug 03, 2013
naturalwaves: This story looks like an Abracadabra and it is difficult to believe. Even if it is that easy getting a SIM swapped on Airtel, when the supposed cracker wanted to contact Yahoo, did he just get a Password just like that from Yahoo? Impossible! Getting your password changed on Yahoo isn't that easy. Okay? And the Domain Name Registrar too gave out another Password on sighting just a note for a change of password? I haven't read something as hilarious and ridiculous as this claim in a long while; even if you go to court with this crap, you will outrightly lose the case on the first day.
First of all, confirm the sim swap procedure and how the hacker did it from Airtel and then contact Yahoo and get to know how the verification for password changed such that yours was given out so cheaply on just a request then contact your DNR too to get the full details of how your password was changed in a little time before you come up with claims. I understand the fact that, your website was hacked but trying to make Airtel the scapegoat for the process without sufficient evidence is really hilarious. Take heart!

When you don't know something, just find out if it is possible to do rather than just saying it is ABRACADABRA... Mr, it is possible to change your password with your mobile phone from Yahoo... period.

Re: How Airtel Security Flaw Led To Epic Hacking by Slyr0x: 11:50pm On Aug 03, 2013
onajo2000

Thank you oo. .I don taya to dey explain
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 12:00am On Aug 04, 2013
onajo2000:
When you don't know something, just find out if it is possible to do rather than just saying it is ABRACADABRA... Mr, it is possible to change your password with your mobile phone from Yahoo... period.

Reread the whole thread before you say trash. I said it is something I have been through except if the process has been changed. What I said was based on my personal experience when I had the mail problem so, I wasn't conjecturing anything.
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 12:04am On Aug 04, 2013
Slyr0x: onajo2000

Thank you oo. .I don taya to dey explain
What was the time frame between the time the phone was swapped(sim wise) and when the crime was perpetrated?
Re: How Airtel Security Flaw Led To Epic Hacking by alexarelano(m): 8:36am On Aug 04, 2013
passionate88: Mankind don enter molue wey no get door come fali break at the same time. The guy go dn break him fasting when him hear d news
Ha ha ha. Bad man
Re: How Airtel Security Flaw Led To Epic Hacking by LeJeun3: 8:32pm On Aug 04, 2013
I refuse to gree... Did Airtel agree to the fact that it was their fault? Security flaw my ass, after people will complain about how hard it is to swap SIMs. Mankind was just careless!
Re: How Airtel Security Flaw Led To Epic Hacking by J0sh007: 11:32pm On Aug 05, 2013
I know those cyberguru guys, two of them, not personally sha, but colleague tinz had a run-in with them sometime back. But Yorubas talk say if person never get killed for him home him no fit die outside, meaning they got Mankind's personal info from someone close or someone close did the runz sha.
Re: How Airtel Security Flaw Led To Epic Hacking by adewaleh(m): 6:13am On Aug 07, 2013
Samoo01: Since when did Yahoo begin to accept Nigerian phone numbers in its password recovery page?
All of una wey dey talk... If you check your email regularly, you will see a lot of changes made; all you need to do is request for the password, then you get it. The hacker just needs to search the email for information needed.
Re: How Airtel Security Flaw Led To Epic Hacking by JideTheBlogger(m): 6:16pm On Aug 09, 2013
funkymedina: Na wa for the original post. You gave too much information plus a link to where to swap SIM sef. Jeez! Now more idiots now know how to do it thanks to YOU!

But then looking at your signature you're drumming up business for yourself... are you sure you're not the hacker and solver of hack at the same time? Cause the details you gave boggle my mind

Na so oooo.


Anyway, One of the reasons I love Glo. It is not easy to swap a Glo line ooo.
Re: How Airtel Security Flaw Led To Epic Hacking by Nobody: 12:20am On Aug 10, 2013
cheesy cheesy cheesy cheesy cheesy cheesy
Re: How Airtel Security Flaw Led To Epic Hacking by BOLAJIAJANI(m): 4:07am On Aug 10, 2013
Slyr0x's explanation is very very on point.
LeJeun3: I refuse to gree........Did Airtel agree to the fact that it was their fault? Security flaw my ass, after people will complain about how hard it is to swap sims. Mankind was just careless!

Very very easy even with a customer care. I did a sim swap three days ago. And all they asked me were things I could get, say I wanted to use the swap to hack mankind.
