Who is “Gary Jones”? An investigation into how a hacker may have stolen nude photos for a “revenge porn” site:
“Is it really so easy to hack a Gmail account? See for yourself: Go to the Gmail login screen and click on the frequently ignored link underneath the sign-in menu, ‘Can’t access your account?’ Three options appear; choose ‘I forgot my password.’ Type in a Gmail address—any active Gmail address—and if there’s a phone number associated with the account, you’re given three more options, one of which is ‘Get a verification code on my phone.’ You don’t even need to know the phone number. Just hit ‘continue’ and an unrelated six-digit code will appear in a text to the account owner’s phone. Type in that verification code—a number easily obtained by a masquerading e-impostor—and you’re in. The first thing you’re prompted to do is immediately change your password, thereby blocking out the original owner.
“In other words, if a hacker knows only your Gmail address and can figure out how to access your phone, he’s already most of the way into your shit.”