[JohnTHaller]

It's certainly not a lot of people's experience. Youtuber boogie2988 (3.5m subscribers) had his accounts hacked and his channel deleted (his primary source of income) via a Verizon social engineering hack. The hack via Verizon gained the hackers access to his Twitter, YouTube/Google accounts, even his PayPal account.

[closeparen]

Verizon may be quite serious about protecting Verizon and its infrastructure, while still indifferent to retail subscriber account takeovers.

[rms_returns]

Here are more details about that[1]. I'm still surprised how they could have gained access to his Youtube and Twitter just by using his phone number.

[1] https://www.reddit.com/r/boogie2988/comments/4psg4x/i_was_ha...

[JohnTHaller]

If you know someone's Gmail account used for YouTube and have access to their cell phone to receive text message verifications for account resets, you have full access.

Being able to verify a code sent to the mobile phone registered with the account is used as proof of identity for account recovery by basically everything online except banking.

[rms_returns]

k. But in boogie2988 case, did the hacker got access to his actual cell phone or just cell number? That's not clear.

[DanieI]

A social engineer goes to the Verizon store and tells customer service that they have lost their cellphone. Customer service deactivates the owner's phone and gives the social engineer a brand new phone that's connected to the owner's account.

[rms_returns]

Weird! Don't the Verizon guys do an ID verification that the person requesting the new phone is really who he claims he is?

[JohnTHaller]

They apparently didn't in boogie's case.