请问HN:我收到了关于我不认识的网站的试用账户的邮件。
我在我的主要个人 Gmail 账户上收到了几封我不知道的服务的邮件,例如一个位于德国地区的 Shopify 试用账户(我并不住在那里,也从未注册过 Shopify 账户),还有一个我不知道存在的票务转售网站的账户。
我不明白有人是如何在没有通过接收和点击邮件来验证账户的情况下做到这一点的,但我在 Google 的设备列表上识别出每一台设备/访问记录。我还启用了双重身份验证(2FA)。
显然,我已经更改了密码,并请求 Shopify 删除我的个人信息(PII)30 天——试用期已过,所以我无法越过“支付我们钱才能做任何事情”的壁垒,自己删除商店。
我可能遗漏了什么?这可能是某人远程访问了我的某台设备,并能够绕过双重身份验证吗?
查看原文
I’m seeing emails for a few services at my primary personal gmail account that I don’t know anything about, e.g. A shopify trial account in the Germany region (I do not live there and I've never signed up for a Shopify account) and an account on a ticket resale site that I didn't know existed.<p>I don’t understand how someone could have done this without being able to verify the account by receiving and clicking on an email, yet I recognise every device/access on Google’s list of devices. I also have 2FA enabled.<p>I've obviously changed my password and invoked Shopify's 30 day delete on my PII - the trial has expired so I cannot get past the "pay us money to do anything" wall and delete the shop myself.<p>What could I be missing? Could this be someone with remote access to one my devices and able to defeat 2FA?