Hacker News new | ask | show | jobs
by rms_returns 3534 days ago
Here are more details about that[1]. I'm still surprised how they could have gained access to his Youtube and Twitter just by using his phone number.

[1] https://www.reddit.com/r/boogie2988/comments/4psg4x/i_was_ha...
1 comments
JohnTHaller 3533 days ago
If you know someone's Gmail account used for YouTube and have access to their cell phone to receive text message verifications for account resets, you have full access.

Being able to verify a code sent to the mobile phone registered with the account is used as proof of identity for account recovery by basically everything online except banking.

link
rms_returns 3533 days ago
k. But in boogie2988 case, did the hacker got access to his actual cell phone or just cell number? That's not clear.
link
DanieI 3532 days ago
A social engineer goes to the Verizon store and tells customer service that they have lost their cellphone. Customer service deactivates the owner's phone and gives the social engineer a brand new phone that's connected to the owner's account.
link
rms_returns 3532 days ago
Weird! Don't the Verizon guys do an ID verification that the person requesting the new phone is really who he claims he is?
link
JohnTHaller 3532 days ago
They apparently didn't in boogie's case.
link