[JohnTHaller]

If you know someone's Gmail account used for YouTube and have access to their cell phone to receive text message verifications for account resets, you have full access.

Being able to verify a code sent to the mobile phone registered with the account is used as proof of identity for account recovery by basically everything online except banking.

[rms_returns]

k. But in boogie2988 case, did the hacker got access to his actual cell phone or just cell number? That's not clear.

[DanieI]

A social engineer goes to the Verizon store and tells customer service that they have lost their cellphone. Customer service deactivates the owner's phone and gives the social engineer a brand new phone that's connected to the owner's account.

[rms_returns]

Weird! Don't the Verizon guys do an ID verification that the person requesting the new phone is really who he claims he is?

[JohnTHaller]

They apparently didn't in boogie's case.