[ericschn]

I was also the victim of a T-Mobile SIM swap back in February.

My assumption is that the attackers target individuals that have a high likelihood of owning bitcoin or other digital currency. This can be easily determined by looking at data breaches, and targeting emails that are found both on a cryptocurrency breach and a personal information breach with phone number, name, address, and anything else that would help impersonate the victim.

They accessed my insecure email with SMS authentication, but everything else was locked down more securely. Also, since that day I have been getting 20 times more spam calls and texts, I'm guessing they added my number to some other targeted list.

[schoolornot]

I SIM swapped myself twice on Sprint without authorization at an Apple store. Sales reps can generate a one time code for Sprint Support that allows them to bypass some of the IVRs and prove the call is coming from an Apple Store. Sprint support won't ask for a PIN or SSN. Just the line's number. Bam!

How many people can do this? See those mom and pop "authorized resellers" at the mall? Yeah.

[wil421]

When someone stole my identity and opened up 8 lines they did it all at “authorized reseller” phone booths. I believe it was at a Costco.

AT&T still let them order 4 new lines on a new account even though I already had an account with 2 lines.

[octoberfranklin]

> This can be easily determined by looking at data breaches, and targeting emails that are found both on a cryptocurrency breach and a personal information breach with phone number, name, address

... and this is why you should never use your identity for these things.

KYC is a security liability.

[ThatPlayer]

Happened to one of my friends who was also on T-mobile and had some bitcoins at some point. They got into his email and coinbase account, but he was holding any bitcoin so they tried to buy some which was declined by the credit card.