[dbancajas]

> one number on file for the account. Which means anyone who SIM-swaps you then can reset the passwords on those accounts that allow SMS resets (which is a lot, still).

> reply

Why not use a special phone number for 2FA? How do hackers know your phone number?

[PeterisP]

If you use a special separate phone number for 2FA in multiple places, then it likely has both been exposed in some data breach, and also been sold for marketing/tracking purposes; attackers can get access to both these types of sources.

[rp1]

Hackers can easily get anyone’s phone number. Just Google <name> phone number. There are so many data brokers out there happy to sell this information.