The consumer said that they got the password reset alerts from Outlook, their cryptocurrency wallet account, and the two-factor authentication service Authy on the same day. They submitted logs to 9to5Google to show that the attackers used their phone numbers to receive text messages that gave them access to those accounts. Based on their Fi text history, the criminal actors began seeking two-factor authentication credentials and resetting passwords through SMS within one minute of moving their SIM card. The user was apparently only able to restore control of their accounts by turning network access on and off on their iPhone, however, it’s unclear whether this was the cause of the problem.
