[balls187]

The details are in the article, but essentially the attacker used a 3rd party bulk SMS service that allows it's users to use their own number and routes sms messages to said service provider.

The attacker instead used the cell number of the author of the article, and supplied a fraudulent letter authorizing the re-routing of text messages through the bulk SMS service.

The attacker works for a service, which purports to verify the routing and carrier settings for a given mobile phone number; I expect that their solution periodically checks the results and issues an alert if the results differ from a known valid value.

[f430]

and there are no checks and bounds on their side??? no regulations?

[balls187]

Not really; that is the crux of the problem.

The article goes into detail; it's worth the read to answer your questions.

From my experience, there is very little process and oversight being followed. I had my number ported over (with my knowledge) to Tmobile by a 3rd party, however Tmobile had not attempted to verify my consent. The store associate took this person at her word. My then current phone stopping working caught me by surprise.

I can imagine if I signed up for a family plan, any store associate would be happy to move any number of phone numbers into my control.