BCOVertigo

@BCOVertigo@lemmy.world

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Why is "vodafone" trying to log in to my hawke-uno account? In the past 3 days they've tried and failed 3 times already, not to mention my account has been recently disabled for inactivity (media.kbin.social)

BCOVertigo, 1 year ago

Low effort speculation:

That’s a vodaphone portugal IP, but this is likely traffic routing though their customer cellular network and not their corporate. It’s possible that someone in PT has a similar username for this service and is fat fingering it. It’s also possible that you’re seeing a tiny sliver of a larger attack.

Spur.us tracks that IP as an egress point for openproxy and windscribe ResIP networks so it’s worth considering that the origin of the authentications you’re seeing may not be Portuguese cellphone but someone hiding behind those services.

Here’s a paper describing the difficulties such a service creates for folks trying to secure accounts with traditional IP reputation based rules. “Resident Evil: Understanding Residential IP Proxy as a Dark Service” ieeexplore.ieee.org/document/8835239

Shooting in the dark for how a bad actor would monetize account takeover for this service if this is in fact an attack… They could try to sell your invitation to that private tracker. They could also look to scoop up a bunch of folks to try and blackmail based on what victims are download/seeding. Other more creative options I’m not thinking of might be on the table.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...