Wait.. what? Shouldnt we be blaming tel co companies for being insanely stupidly easy to hack instead? I mean I have seen teenagers talking about how easy it is. When its so easy even a minor can do it, you have a major problem.
This is a common, but as much as I hate cell phone companies I don't think they ever asked for or advertised themselves as a secure identity verification solution and never should have been used as one.
Tech companies saw cell phone companies had a juicy piece of PII they wanted and SMS was kind of easy to use and common so they did what tech companies do best: They dumped the hard part onto to some one else, then accused them of being out of touch and archaic when they failed to carry the tech companies water for them.
Sure, but this isnt brand new for tel cos either, this is also not impossible to resolve, like requiring in-person ID at a store, would be rather basic but more effective. The fact some kid from the UK can snatch your sim card in New Jersey is astounding.
