Friday, July 21, 2017

I Got Hacked and All I Got Was This New SIM Card

Justin Williams:

I like to think I take an above average amount of steps to secure myself online: I use a password manager, unique passwords as complex as the site will allow, and turn on 2-factor authentication when possible. A true security expert will likely find some sort of flaw in my setup, but I’ll argue that I am doing more than 95% of the planet.

So how did I, someone who is reasonably secure, have his cell phone disabled, his PayPal account compromised, and a few hundred dollars withdrawn from his bank account?


The man on the phone reads through the notes and explains that yes, someone has been dialing the AT&T call center all day trying to get into my phone but was repeatedly rejected because they didn’t know my passcode, until someone broke protocol and didn’t require the passcode.


You’re likely wondering how my cell phone being compromised leads to my PayPal account being compromised? All you need to reset a PayPal password is an email address and a phone number to accept the verification code. Since PayPal only supports SMS-based authentication, all the perpetrator needed was to be able to receive SMS messages as “me” and he was in.

