Hacker News new | past | comments | ask | show | jobs | submit login

Last time I tried to sign up for Twitter it demanded I verify my account with text messages. Actually, virtually all services do this now when creating an account. The worst (Microsoft for example) let you sign up and use the account for a bit (possibly purchasing some items tied to the account) and then extort the phone number out of you later to maintain access.

It is sort of amusing that these companies hitched their wagon to the now scam laden telephone network to track users and ended up getting scammed themselves.




TBH I would consider this type of fraud of a more Robin Hood variety. Companies that still encourage weak security practices like sms 2fa (or even worse, just hoover your PII under the guise of it) should be defrauded of their money as much as possible.


This is illegal under GDPR. After someone has signed up for a service you can't then demand additional personal information as a condition of continuing to supply the service.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: