A couple of years ago, someone within T-Mobile transferred my phone at 3 AM, and by the time I woke up, they had stolen all the crypto in my Kraken account (~$320k, see here). I was complacent because 1) I had Google Authenticator, which I thought was tied to my physical phone, and 2) I had an extra security layer on Kraken so that withdrawals took an extra day and had a separate Authenticator code.
Kraken’s extra withdrawal security feature is pretty dumb. You can just disable it once logged in and take everything out, an option I did not foresee because it’s so stupid. They still have this protocol even though I told them about my situation a couple of years ago.
Once the hackers reassigned my phone’s SIM, they got into my Google account by telling Google they forgot the password, and so got an SMS message delivered to my phone number that they now controlled. Once they logged into Google, they got my Google passwords for Kraken, etc.
I recently discovered you can pull someone’s Google Authenticator codes with only their Gmail username and password via the trick shown in this video. I had no idea Google Authenticator stored everything on the cloud in one’s Google account, making their authenticator redundant. There might be a way to have their Authenticator never save codes on the cloud, but I am unsure if you have to meticulously watch so that the cloud-saving option is turned off every time you use it. While I do like their search engine and YouTube, I try to avoid their apps and features as much as possible.
I don't follow a lot of what you're saying. Can someone use this same strategy to hack my bank account and/or my retirement accounts?