Hackers are finding a lucrative market in stealing mobile phone numbers and resetting passwords on every account that uses the number as a security backup. the Federal Trade Commission had reports of 2,658 incidents as of January 2016.
Hackers have discovered that mobile phone numbers are easy to steal. In a growing number of online attacks, hackers have been calling up Verizon, T-Mobile U.S., Sprint and AT&T and asking them to transfer control of a victim’s phone number to a device under the control of the hackers, the New York Times reports. Once they get control of the phone number, they can reset the passwords on every account that uses the phone number as a security backup, as services like Google, Twitter and Facebook suggest. A wide array of people have complained about being successfully targeted, including a Black Lives Matter activist and the chief technologist of the Federal Trade Commission. The commission’s own data shows that the number of so-called phone hijackings has been rising. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658.
One user of virtual currency said hackers changed the password on his virtual currency wallet and drained about $150,000. “Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur. The attackers appear to be focusing on anyone who talks on social media about owning virtual currencies or anyone who is known to invest in virtual currency companies, such as venture capitalists. The attacks are exposing a vulnerability that could be exploited against almost anyone with valuable emails or other digital files. Last year, hackers took over the Twitter account of Black Lives Matter leader DeRay Mckesson by first getting his phone number. In cases involving digital money aficionados, the attackers have held email files for ransom — threatening to release naked pictures in one case, and details of a victim’s sexual fetishes in another.