[chasenjohnson]

You would effectively be able to cross reference this meta data with 2 factor authentication services. It’s probably time to start removing this option entirely.

[sedatk]

How would cross-referencing be useful? You’d just find out what services people use?

[chasenjohnson]

If GitHub always uses the same number(s) for 2fa and there are outgoing texts to your number then the connection is obvious. I’ve read that sim jacking is somewhat common and this would be a good data point.

[sedatk]

So, just for discovering what services people use?

[rboyd]

I guess after mapping the services used you would find the accounts worth going for and those become SIM swap targets

[mikeocool]

Seems like there's a lot of cross referencing well beyond MFA that this'll likely be used for.

Way easier to target phish people's bank logins, if you know what banks they are regularly communicating with.