PSA: SIM Swapping

Hello fellow LuaHub users. I’m making this post today since this is a serious alert and you need to take action NOW.

SIM Swapping is basically a method where people can gain access to text messages/phone calls on your account, and lately many Roblox developers, including callmehbob and a developer of World // Zero, were hacked. They call up your provider, pretend to be you and have your phone number transferred to another SIM. And there you go, they have a possible way to hack you. Please add 2FA to your Google or Microsoft accounts and please remove a phone number from your Roblox account.

Thank you.

1 Like

Well my Microsoft account does not have my phone number, but still has 2FA enabled.

My Google is basically my life so I have like 4FA on it.

Call my cell provider, I’m sure FirstNet will do anything you ask.

1 Like

The best way to prevent SIM swapping is to not give them enough information to convince your service provider to give them your number.
If they get access to your phone they get:

  • They get access to all 2FA and SMS codes sent to your number
  • They can pretend to be you
  • Any accounts linked to that phone number can be stolen

To prevent this from happening do these steps:

  • Don’t click on suspicious links. Not only do they cookie log you but they also steal your personal information, which can result in SIM swapping.
  • Don’t give out info to surveys. The most popular way to get personal information to SIM swap someone was to trick the user into thinking they could get a “Free Covid-19 test” or a “Free Covid-19 vaccine”. Don’t go to these sites. Go to your state’s (or country’s) website and add /coronavirus and you’ll see the official forms for the vaccine.
  • Always have 2FA enabled. Getting someone’s password is as easy as clicking a link (literally cookie loggers can get everything), but bypassing 2FA is much harder than getting into the account.

To lessen the damage done if you are SIM swapped:

  • Use app verification instead of SMS verification. Things like Google Auth or Authy will help prevent you from losing 2FA codes in the rare event that you are SIM swapped.

If you lose cell phone service, immediately contact your service provider, as it’s the first sign of SIM swapping.

Note: Removing your phone from your Roblox account actually lessens account security, contrary to popular belief. If your phone is connected to your Gmail, has ever logged into the Roblox account, or has had DevEx receipts go there, then you will still lose your account. Please make your service provider’s account safe using app-based 2FA instead of SMS-based verification.

2 Likes

Not to be racist but this is a downside of carriers using Indian customer support to save money.

Absolutely, I recommend Authy over Google Authenticator since you can use it across platforms. However, Authy would be insecure if you were SIM swapped if you didn’t set a master password/disable new device login.

2 Likes

Honestly, any app-based 2FA verifier is better than nothing, considering most people don’t have 2FA enabled. You should 100% have your 2FA app secure, with long passwords and a master password for new devices. Discord is a great example of prime account security. It uses app-based 2FA (Google Auth or Authy), if a new IP address tries to log into the account it requires email verification, and has good methods of encouraging moderators (of a server) to protect their account from being hacked (server 2FA). If Roblox did this then @callmehbob wouldn’t have been hacked (as the SIM swapped phone would have a different IP) and account hackings would go down by 50%.

2 Likes