T-Mobile Will Give Away Your SIM Card - Reason Behind Recent YouTube Account Compromises

[Deletist_Jerk]

10 minutes ago, Snadzies said:

You can set all the rules and regulations you want but all it takes is to fool a single employee out of the hundreds or thousands working for a company.

It isn't like these people try once and give up, they will try again and again and again, each time getting more knowledge about what internal lingo is used to make them sound like a legit employee until someone at the company gives up the info.

In other words, they figured out which employee was the stupid one. 

[KuJoe]

This is not new, social engineering is the oldest form of hacking and has been around long before computers were common place.

[handymanshandle]

I originally thought you were trying to say that Linus has T-Mobile. I was thinking like, Linus lives in Canada. As far as I'm aware T-Mobile doesn't directly service Canada.

 

Anyways, good thing I have Verizon. Eh? Well most regular people are not on the radar of those groups or hackers using social engineering to gain access to accounts.

[KuJoe]

16 minutes ago, Deletist_Jerk said:

In other words, they figured out which employee was the stupid one. 

Not necessarily, smart people aren't perfect either and can make the same mistakes stupid people make.

[ionbasa]

You guys don't know how simple it is to get a sim card do you? All I had to do was walk into an T-mobile retail store and ask for a card based on the phone number I gave them. No one batted an eye or asked for the last 4 digits of my SSN or my DOB.

 

They only asked for the billing address on file for verification and for $10 for a replacement card. As you all know, your mailing address really isn't a secret, since it's more or less public info and easily accessible. If you know a person's first name and family name, you can easily search and find their address, and other pertinent info too. Most (if not all) counties had an online public records database via the Recorder-Clerk's office.

[Master Disaster]

Am I misunderstanding something here or do USA SIM cards work fundamentally different to European ones? If someone got my SIM it wouldn't allow them access to anything as the actual data is stored on the phones memory, my phone which I still have? Sure they could run up my bill by calling and using my data but I don't see how it allows them access to any of my personal online accounts? 

[ionbasa]

2 minutes ago, Master Disaster said:

Am I misunderstanding something here or do USA SIM cards work fundamentally different to European ones? If someone got my SIM it wouldn't allow them access to anything as the actual data is stored on the phones memory, my phone which I still have? Sure they could run up my bill by calling and using my data but I don't see how it allows them access to any of my personal online accounts? 

If you have someone's sim card, 2 factor authentication no longer works, since you now can access their messages. Many 2 step logins rely on sms to send a numerical code for validation when logging into an unknown computer. Many people also use the cellphone number as the password recovery method, meaning you're also able to reset passwords to things like email, social media, banks, etc.

[Master Disaster]

4 minutes ago, ionbasa said:

If you have someone's sim card, 2 factor authentication no longer works, since you now can access their messages. Many 2 step logins rely on sms to send a numerical code for validation when logging into an unknown computer. Many people also use the cellphone number as the password recovery method, meaning you're also able to reset passwords to things like email, social media, banks, etc.

Ahhh I see, yeah that makes total sense now. Thanks for the clarification, it's still early here and I'm still hungover

[Donut417]

On 7/8/2016 at 11:50 AM, LAwLz said:

Not much to say here except AT&T T-Mobile are run by idiots.

This is most likely how Linus got his account compromised. Basically, someone called AT&T T-Mobile, pretending to work for T-Mobile, and asked to get a replica of Ethan's SIM card. Once they got that, they can bypass things like 2-step verification that relies on SMS.

 

 

 

Edit: Sorry AT&T. Got you mixed up with T-Mobile. It was T-Mobile that screwed up.

This might be happening with other carriers though.

Just as bad as when some one dress up as a Loomis driver and got $100,000 from walmart. For any one who doesnt know, Loomis is the armored truck company Walmart/Sams Club uses. That guy was one smart cookie.