Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked. The Register understands one or more people close to or affiliated with the notorious Alphv, aka BlackCat, extortion gang managed to get into a …
Some companies use a 2FA token generator called "VIP Access." It's really secure. Super duper secure. It's so secure that you can't back up its internal token. Lose your phone data, lose your 2FA.
Companies using it know this happens all the time so they're fast at fixing it. All they do is ask some trivial questions and verify your identity with SMS.
"Is it possible for the telecoms to put a lock on a mobile to prevent SIM swapping?"
It all depends on the telco's approach. Here in NL Vodafone will give you a new SIM in one of their shops, but you'll need to show your driving licence or passport. Or they'll send you one, but to the address in their records only I think. So that's reasonably secure.
Same in the UK... you actually have to prove who you are. Clearly either someone in the US is lax at their job, or has been bunged some moola to let it happen... or the security procedures are just *that* lax at the mobile provider where this occurred, in which case it'd be useful to know who they are so people are put on notice about them.
My phone provider requires me to tell them a password that I chose earlier if I ever call them up.
Hopefully all agents follow this protocol and do not makes changes on an account if the caller pretends they have forgotten the password.
This is why I never use SMS 2FA where possible.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
