2.5 billion daily account-takeover attempts. That’s one every 34 microseconds. Damian, Troy & Fern go full send-it mode on the 2025 ATO playbook: SIM swaps, session-token theft, MFA fatigue, rogue QR codes, deep-fake family scams, and the OAuth tokens you granted in 2017 that are still wide open.

Timestamps
00:00 – Intro
05:20 – SIM swaps & losing your phone number in minutes
09:40 – Why password resets are useless (session tokens survive)
14:20 – MFA fatigue / push-notification flooding
19:10 – OAuth & old third-party app tokens nobody revokes
24:30 – Rogue QR codes at restaurants & hotels
30:15 – Enterprise reality – weekly O365 token theft
37:40 – Non-human identities & service-account sprawl
44:50 – Passkeys in 2026 – will increase ATO risk if misconfigured
51:00 – Public Wi-Fi, juice jacking & QR code myths
58:00 – Closing thoughts

Discord (coming soon)

#AccountTakeover #SIMSwap #MFAFatigue #CyberSecurity #Infosec #ZeroTrust

https://www.fcc.gov/consumers/scam-al...
https://newsroom.servicenow.com/press...
https://thehackernews.com/2025/04/cus...
https://www.gartner.com/reviews/marke...

http://cyberpodcast.net
Spotify: http://spotify.cyberpodcast.net
Apple: http://apple.cyberpodcast.net
X: https://x.com/dtfcyberpodcast
IG: / dtfcyberpodcast
Linkedin:
DTF: / dtf-cyber-podcast
Damian: / damianchung
Troy: / kosovotroy
Fern: / fernrojasaz

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.