Every time that there is a leak like this it’s infinitely aggravating how the spin department tries to downplay what happened. If you are using SMS based MFA you probably want to stop doing that now.

  • FuglyDuck@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    11 months ago

    To clarify for people wondering, SIM and IMEI information is how the system knows your phone is… your phone.

    Cloning it is supposed to be hard, but with it, they can receive 2FA messages like “Is This You? Text Y back!”.

    It’s actually super easy, if they have enough information, to convince a carrier’s customer service that they are you (remember… never work the system when you can work the people who manage it.)