Tuesday December 20, 2016

Hackers Have Stolen Millions In Bitcoin Using Only Phone Numbers

I don't know why people insist on calling these crooks "hackers." Scammers have been pulling this type of scam for years. The only thing that makes this case different is that crooks don't usually get access to millions of dollars worth of bitcoins. Thanks to cageymaru for the link.

A hacker had faked his identity and transferred his phone number from T-Mobile to a carrier called Bandwidth that was linked to a Google Voice account in the hacker’s possession. Once all the calls and messages to Kenna’s number were being routed to them, the hacker(s) then reset the passwords for Kenna’s email addresses by having the SMS codes sent to them (or, technically, to Kenna’s number, newly in their possession). Within seven minutes of being locked out of his first account, Kenna was shut out of of up to 30 others, including two banks, PayPal, two bitcoin services آ— and, crucially, his Windows account, which was the key to his PC.