[nebula8804]

Isn't this something Elon Musk brought up a few weeks ago when Twitter SMS 2FA stopped working in some countries? (India? I think?). On a Twitter spaces he said they were losing millions to SMS fraud for years and found out that some Telecom companies were complicit so they just cut off all SMS traffic to those companies until they re-negotiated terms.

[ridgered4]

Last time I tried to sign up for Twitter it demanded I verify my account with text messages. Actually, virtually all services do this now when creating an account. The worst (Microsoft for example) let you sign up and use the account for a bit (possibly purchasing some items tied to the account) and then extort the phone number out of you later to maintain access.

It is sort of amusing that these companies hitched their wagon to the now scam laden telephone network to track users and ended up getting scammed themselves.

[mylidlpony]

TBH I would consider this type of fraud of a more Robin Hood variety. Companies that still encourage weak security practices like sms 2fa (or even worse, just hoover your PII under the guise of it) should be defrauded of their money as much as possible.

[ectopod]

This is illegal under GDPR. After someone has signed up for a service you can't then demand additional personal information as a condition of continuing to supply the service.