AT&T Sued After SIM Hijacker Steals $24 Million in Customer's Cryptocurrency

from the whoops-a-daisy dept

It has only taken a few years, but the press, public and law enforcement appear to finally be waking up to the problem of SIM hijacking. SIM hijacking (aka SIM swapping or a "port out scam") involves a hacker hijacking your phone number, porting it over to their own device (often with a wireless carrier employee's help), then taking control of your personal accounts. As we've been noting, the practice has heated up over the last few years, with countless wireless customers saying their entire identities were stolen after thieves ported their phone number to another carrier, then took over their private data.

Sometimes this involves selling valuable Instagram account names for bitcoin; other times it involves clearing out the target's banking or cryptocurrency accounts. Case in point: California authorities recently brought the hammer down on one 20-year-old hacker, who had covertly ported more than 40 wireless user accounts, in the process stealing nearly $5 million in bitcoin.

One of the problems at the core of this phenomenon is that hackers have either tricked or paid wireless carrier employees to aid in the hijacking, or in some instances appear to have direct access to (apparently) poorly-secured internal carrier systems. That has resulted in lawsuits against carriers like T-Mobile for not doing enough to police their own employees, the unauthorized access of their systems, or the protocols utilized to protect consumer accounts from this happening in the first place.

While T-Mobile has received the lion's share of negative press attention on this subject in recent months, AT&T this week got dragged into the fun. The company was sued this week for $224 million by a customer who says AT&T's failure to adequately protect his account resulted in the theft of nearly $24 million in cryptocurrency. The full complaint (pdf) notes that AT&T customer Michael Terpin is seeking $200 million in punitive damages and $24 million of compensatory damages for the cryptocurrency losses.

The suit alleges that Terpin had his phone number stolen and ported out at least twice between mid 2017 and early 2018, resulting in the thief then hijacking his identity to empty out his cryptocurrency accounts. Terpin also accuses of AT&T of failing to protect its customers despite ample press coverage of the SIM hijacking phenomenon. Worse perhaps, the lawsuit alleges that the thief successfully hijacked his phone number despite AT&T adding "higher security level" protections, which AT&T specifically stated would protect his account from such hijinks. From the complaint:

"AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective. AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care."

Again, carriers haven't really much wanted to talk about this phenomenon, or the fact that their own employees are frequently either being hoodwinked or paid to participate in these thefts. And while carriers are trying to add additional security to protect such ports from happening (for example, T-Mobile customers should call 611 from their phone and demand a "port validation” passcode), the problem of carrier employees playing a starring role in these scams hasn't yet been fully addressed. It's likely the growing number of lawsuits by hoodwinked users will add some additional incentive to do so.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cryptocurrency, michael terpin, security, sim hijack
Companies: at&t


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 16 Aug 2018 @ 6:25am

    I hope the punitive damages get inflated to billions. It's a very serious issue that has to be addressed and if they aren't going to do it to provide a better service then let's make them do it because it hurts financially not to do it.

    I can dream, right?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Aug 2018 @ 6:55am

    Please excuse my ignorance, but what data is being hijacked in order to get access to the victims accounts?

    How does one access accounts from their phone, does this have to be set up previously? Are passwords stored on the phone?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 7:06am

      Re:

      When you get a new phone, you have to have the company deactivate your old one and make the new one answer when people dial your number. This scenario has 3rd parties paying off employees to change your phone over to one in their control. Any phone-based security like texting you a passcode will now go to the fake phone and you lose everything you tied to your phone account.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Aug 2018 @ 8:23am

        Re: Re:

        I had not thought of passcodes being sent to the cell phone.

        Another reason to not tie anything to the cell

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 16 Aug 2018 @ 12:04pm

          Re: Re: Re:

          Sadly, companies demand more and more services be tied in part or in full to cell/phone numbers, because their market is the average user who isn't savvy enough to know or care about real security, and so companies push cell/phone number authentication in the name of ease of use, when it actually offers attackers an easy means to gain unauthorized access to accounts.

          link to this | view in chronology ]

          • icon
            JoeCool (profile), 16 Aug 2018 @ 12:36pm

            Re: Re: Re: Re:

            Amazon requires you to use a cell phone that they send passcodes to in order to "verify" your identity. I've run into this a few times lately while buying stuff on Amazon.

            link to this | view in chronology ]

            • icon
              Anonymous Anonymous Coward (profile), 16 Aug 2018 @ 12:53pm

              Re: Re: Re: Re: Re:

              I don't have a phone and I don't have a problem using Amazon. Not sure why it is different for me.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 16 Aug 2018 @ 1:12pm

              Re: Re: Re: Re: Re:

              guess I will not be getting an Amazon account then.

              link to this | view in chronology ]

            • icon
              Mat (profile), 18 Aug 2018 @ 8:11pm

              Re: Re: Re: Re: Re:

              You do also have the option of using the much saner 'generate a token' programs like Authy or Google or Microsoft Authenticator.

              link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 7:06am

      Re:

      If you you have any password recoveries as texts to your phone, along with texts to that phone for second factor authorization, someone gaining control over your phone number can use it to gain control over your accounts.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 9:12am

      Re:

      Websites routinely believe that 2FA codes sent via SMS are safe and secure. This is false. Hacker steals/hijacks victims phone number, goes to website X, does password/account recovery, sends SMS codes to hacker. Hacker gains access.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Aug 2018 @ 10:17am

        Re: Re:

        I get it now.

        Many sites use additional "security" questions. Some of these questions are based upon public info like where were you born, so they may be easily obtained if you use your real info for these questions.

        I'm not a luddite if I avoid new fangled devices that invite criminal activities on my behalf .. am I?

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Aug 2018 @ 6:43pm

        Re: Re:

        Websites routinely believe that 2FA codes sent via SMS are safe and secure.

        Banks, and pseudobank cryptocoin sites, should know better. Ultimately, their negligence (validating identity via insecure methods) is to blame.

        link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Wesley Bidsnipes, 16 Aug 2018 @ 7:20am

    The stooge deserves the loss. The only way the sim hijacking would help with the cryptocurrency theft is if he was using one of those "bitcoin banks".

    The whole point of cryptocurrency was that you wouldn't need banks anymore.

    Had he done this properly, his wallet is merely a (hopefully backed up) file on his computer, one that only he knows the password for.

    link to this | view in chronology ]

    • icon
      XcOM987 (profile), 16 Aug 2018 @ 7:32am

      Re:

      I fail to see why his use of a "Bitcoin Bank" means he deserve to lose his money because you feel it isn't the correct method to store funds.

      He secured it correctly, AT&T's method of protecting his mobile account is the root cause of all this, what if someone managed to get access to your traditional bank due to your mobile account being compromised, would you just brush it off, blame the bank, or blame the mobile network providor for granting someone else access to your account for $100?

      link to this | view in chronology ]

      • This comment has been flagged by the community. Click here to show it
        identicon
        Wesley Bidsnipes, 16 Aug 2018 @ 7:44am

        Re: Re:

        Yes. You fail to see.

        He did not secure it correctly. He gave it to someone else, who promised to maybe give it back later.

        AT&T's failure to secure his phone number is completely incidental. Had this not happened, he'd have lost his cryptocurrency anyway eventually.

        AT&T never promised to be someone's password manager for their accounts. People use them for this, even if they don't realize they're doing so. It places an impossible burden on AT&T. If they stopped doing this, the worst that could happen would be a few prank calls.

        How is a phone company supposed to confirm that a person truly wants to port their number? What uncompromised channel of communication is left for them to figure this out?

        Telling them to "do more" without explaining how they could accomplish this is dumb.

        link to this | view in chronology ]

        • identicon
          Adam V, 16 Aug 2018 @ 7:51am

          Re: Re: Re:

          I'm an AT&T wireless customer. One thing they've done for me is to implement a 4-character "PIN" that they're supposed to require from me before any changes can be made to my account.

          If they didn't set up the PIN for this person, or if the customer service rep didn't ask the caller for the PIN before making changes to the account, that's totally on AT&T.

          Note that this is the same thing that happened to the customer who's suing T-Mobile: "The suit alleges T-Mobile is at fault partly because the carrier said it would add a PIN code to Tapang’s account prior to the incident, but didn’t actually implement it. Tapang also states that hackers are able to call T-Mobile’s customer support multiple times to gain access to customer accounts, until they’re able to get an agent on the line that would grant them access without requiring further identity verification."

          link to this | view in chronology ]

          • identicon
            Wesley Bidsnipes, 16 Aug 2018 @ 7:57am

            Re: Re: Re: Re:

            You're a fool if you think the PIN will somehow fix this.

            People will still have their numbers ported. People will still have fortunes stolen from them (partly because they don't understand cryptocurrency). People will still wail and gnash teeth.

            The only thing the PIN changes is that AT&T has an invincible defense in court (someone had the right PIN, how can it be our fault!).

            Stop using your phone number as the master password to your life. Stop using cryptocurrency banks.

            link to this | view in chronology ]

            • icon
              Ninja (profile), 16 Aug 2018 @ 8:23am

              Re: Re: Re: Re: Re:

              "Stop using your phone number as the master password to your life. Stop using cryptocurrency banks."

              It's not the password, it's either a recovery method or a 2FA device. I do agree that we should avoid using phone numbers to such ends due to their inherent insecurity (though having the phone as a 2FA is better than having nothing). However, it doesn't invalidate the fact that telcos have to fix these issues because even if you don't use the phone as any of those, having your line taken over may pose all kinds of problems outside cryptocurrency.

              As for the stop using cryptocurrency banks I'd say cryptocurrencies need to include some sharing of functions of a wallet if the owner needs to. The banking system has many perks we use other than simply storing cash and cryptocurrencies as they are now are not ready to replace banks.

              link to this | view in chronology ]

            • icon
              orbitalinsertion (profile), 16 Aug 2018 @ 8:23am

              Re: Re: Re: Re: Re:

              The results, and how people use their phone number, wittingly or not, is irrelevant to a service provider failing to properly secure and maintain customer accounts. Beyond that, many of these powers created or adopted (and force upon the user) the system whereby the goddamned mobile phone is required for multifactor authentication. (Just like the convenience of using things like fingerprint/face recognition/retina scan as a flippin' password, when they are actually equivalent to a username.)

              I think people are kind of dumb to trust these appliances and services, and frequently don't bother to do minimal securing of anything themselves, even when tools are provided or available. But the entire system, corporate-wise and code-wise, is based on the "(barely (or not really)) good enough" philosophy.

              But at the core of this matter, the issue is: Service providers not following the protocol already in place, which is plenty good enough to stop numbers from being incorrectly ported by actors who have not managed to gain access to any credentials prior to the port.

              Having 24m in cryptocurrency, yeah, i would do a bit more to secure that. It doesn't change the fact the the mobile providers are full-on fail here. The porting issue still exists for those of us who have absolutely nothing of value connected to our devices.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 16 Aug 2018 @ 8:25am

              Re: Re: Re: Re: Re:

              Are you the fool for setting up your cell to perform such activities?

              link to this | view in chronology ]

        • identicon
          No one, 16 Aug 2018 @ 9:07am

          I do See

          So by your logic.

          If a cop shoots you dead for no good reason it is OK because eventually you were going to die anyway?

          For all you know in another week he was moving his money out of bit-coins.

          link to this | view in chronology ]

          • This comment has been flagged by the community. Click here to show it
            identicon
            John Smith, 16 Aug 2018 @ 10:31am

            Re: I do See

            More like it's your fault for having yoru work pirated if you relied on "obsolete" copyright law to protect it, since your business model is evil, and anyone who has ever created anything is an evil billionaire coporation who rips off the little guy, who has ore rights than you to control distribution of your work.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 16 Aug 2018 @ 6:57pm

              Re: Re: I do See

              You keep trying so hard to portray the RIAA as heroes, John. It's almost adorable.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 16 Aug 2018 @ 7:05pm

              Re: Re: I do See

              Are you typing with your pinkies?

              link to this | view in chronology ]

    • icon
      Ed (profile), 16 Aug 2018 @ 8:16am

      Re:

      Comments like yours are exactly like blaming a rape victim for wearing sexy clothes, "she deserved it". I think you must be trolling.

      link to this | view in chronology ]

      • This comment has been flagged by the community. Click here to show it
        identicon
        Wesley Bidsnipes, 16 Aug 2018 @ 8:25am

        Re: Re:

        Comments like yours make it impossible to solve the problem. "Please, someone else fix this for me!"

        AT&T and other companies will not come up with a better process for determining whether a number port is legitimate. First they're incompetent. Even if some other organization could figure out the problem, they couldn't. Second it's an impossible problem. They might be able to reduce the number of swindles slightly, but only by becoming ever more invasive and making it difficult to port your number when you really want to. Third, this problem is ultimately caused by you, the user.

        You're the one that smiled and said "sign me up" when Facebook and other companies wanted to start using your phone number as your master password. You never bothered to understand passwords your entire life (what do you mean I can't have the same password on every website!?!). You ooh and ahh when when Wired or Arstechnica puts up an article promising to make all the badness go away without you putting in any effort (I don't know what 2FA is, but it sounds like magic, wonderful magic!).

        This man (and all the rest) could have chosen to do the following: get password manager software, memorize a single long/difficult password, make all his other passwords 100 characters of unique garbage, use one of those for his wallet file, kept on his own computer and not in some Mt.Gox swindle bank.

        He didn't do these things, now he's out millions. If you want to lose fortunes too, you can do what he did and you can also have the hobby of finding people like me on the internet and screaming "you're victim blaming!".

        His stupidity was punished. Yours will be punished too.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 16 Aug 2018 @ 8:27am

          Re: Re: Re:

          Are you threatening people on this blog?

          link to this | view in chronology ]

        • icon
          PaulT (profile), 16 Aug 2018 @ 9:22am

          Re: Re: Re:

          "AT&T and other companies will not come up with a better process for determining whether a number port is legitimate"

          They will if they're encouraged enough to. The question is whether the courts and the market can force their hand.

          "Third, this problem is ultimately caused by you, the user."

          You are also a user, genius. That you avoid certain obvious (to you) security risks does not make you immune, it only means that you potentially wouldn't have been caught by this particular scam. There will be others.

          "I don't know what 2FA is"

          You don't know what the fundamental underpinning of this entire case is, can't Google it for 5 seconds to find out, yet proclaim yourself better than who you're talking to about the subject? Hmmm...

          "His stupidity was punished. Yours will be punished too."

          Your arrogance and wilful ignorance will be, also.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 16 Aug 2018 @ 1:03pm

            Re: Re: Re: Re:

            "His stupidity was punished. Yours will be punished too."

            Your arrogance and wilful ignorance will be, also.

            Are you threatening people on this blog?

            link to this | view in chronology ]

          • identicon
            Canuck, 16 Aug 2018 @ 1:20pm

            2FA

            Duh. He probably meant *users* don't know what 2FA means, but they still assume it will magically protect them.

            He's coming on too strong, but he's correct that putting your Bitcoins in places like Mt. Gox and using your phone number as a password reset mechanism are RECIPES FOR DISASTER. Don't do it and don't suggest that others should either.

            link to this | view in chronology ]

            • icon
              PaulT (profile), 17 Aug 2018 @ 12:44am

              Re: 2FA

              Yeah possibly he did, I see that now.

              But, it's still incredibly arrogant to state that people deserve to lose large amounts of money because they don't know as much about internet security as us here, especially since the security system is one used and approved of by so many sources the average person would trust. It's basically like a locksmith going "yeah, you used Yale locks, of course you deserved to have your house cleared out!"

              link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Aug 2018 @ 8:26am

        Re: Re:

        Some people actually think that way.

        link to this | view in chronology ]

    • icon
      James Burkhardt (profile), 16 Aug 2018 @ 8:44am

      Re:

      I mean, that cryptocurrency in his sock is great and all, but I found even buying cryptocurrency, let alone using that currency, was impossible without a middleman.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 12:17pm

      Re:

      Since I have several forms of crypto I will agree that he was foolish to store it in such a fluid fashion. But if you think someone deserves to be robbed of all their money then maybe one day you will be lucky enough to experience that as well.

      link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 16 Aug 2018 @ 8:39am

    from the the-more-things-change dept.

    We don't care. We don't have to. We're the phone company!

    link to this | view in chronology ]

  • icon
    ShadowNinja (profile), 16 Aug 2018 @ 8:40am

    ... I don't know much about how owning crypto currency actually works, but wouldn't they still need the password to access said currency?

    Couldn't they just change their password on the accounts (such as with a password manager) to make the SIM's useless (assuming they change the passwords in time)?

    Or better yet, couldn't they require two factor authentication or something like that to access the Bitcoins?

    link to this | view in chronology ]

    • identicon
      NotWesleySnipes, 16 Aug 2018 @ 8:56am

      Re: stop using his name jackbid

      Because the user implemented 2FA on the account, required use of the phone for 2FA.

      The user could not change their password without the 2FA device, in this case his phone.

      That makes AT&T an active conspirator and accomplice in the thefts.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Aug 2018 @ 2:51pm

        Re: Re: stop using his name jackbid

        So SIM hackers today are the Crammers and Slammers who generated millions of dollars in revenue for the Telco's in the 80's and 90's(and cost users millions in bogus fees).

        We saw how many of those companies were 'brought to justice' (zero in case you missed it), so I'm sure we can expect the same apathy and indifference to the financial ruin they are causing individuals, as long as their bottom line is growing...

        So HIT THEM WHERE IT HURTS... STOP BUYING THE BIG TELINFOMEDIA COMPANY PRODUCTS AND SERVICES. but then when ALL OUR BASE ARE BELONG TO THEM, there isn't much else we can do, (sue, sue, sue...) now is there.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 8:59am

      Re:

      >Couldn't they just change their password on the accounts

      If in your private life, your computing devise is your phone, how do you do that when it stops working. You now need another phone or a computer to do anything online.

      A likely scenario, as this sort of crime needs prior research, is that on having the phone transferred, they then do a password recovery on the email account, and now they have time to rob you blind while you try and figure out how you do anything online.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Aug 2018 @ 11:42am

        Re: Re:

        "If in your private life, your computing devise is your phone"

        Then you have other serious issues.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Aug 2018 @ 8:53am

    What would be wrong with phoning the old phone and checking before making the transfer, as it is presumably still available when a SIM transfer is requested. If the phone is gone, then proof of identity in a shop would not be that inconvenient most of the time, as you have to go and buy a new one anyway.

    O.K, not as convenient a the current system, but convenience is always the enemy of security.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Aug 2018 @ 11:02am

    This sort of thing is only going to happen more as more service providers demand a phone number be tied to an account as a primary means of authentication. It's just as bad as making biometrics a primary means of authenticating devices. Phone numbers and biometric data can both be used to get access to accounts and devices quite easily compared to accounts with primary security done being secured by a strong password. Better yet, two-step authentication where the attacker needs access to both the password, and the email address of the victim to get into an account (password + verification email link is a common two-step method).

    As long as email accounts are kept secure (strong Captcha protection), then that should be more than sufficient than demanding users compromise themselves both in terms of security and privacy by providing phone numbers to tie to accounts.

    Lately Google has stepped up its user hostility by not only demanding phone numbers for account authentication, but also by flat-out refusing to login if the user logs in from a different IP address. If you are travelling and attempt to log in on a different IP address on an unrecognized device, you have no way of accessing an email account unless a) you provide a phone number or b) have linked a secondary email to the primary you're trying to get access to (which may or may not still require providing a phone number to get access, and still presents a privacy issue as you may not want to link multiple different email addresses you use together).

    We're in a terrifying age of technology, where ease of use appears to trump good security policies.

    link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 16 Aug 2018 @ 11:24am

      Re:

      I don't have a phone, either landline or mobile. When companies require a phone number I give them one 1-800-555-1212. Guess what. It works.

      Now Google is a bit different. To get a new account (I want a new account for my second tablet) they won't give me one without a phone number. The option is to give them someone else's phone number, so they can send their verification code. You use the code and open the account and then go in and change or delete the phone number. It must make sense to someone...who isn't me.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 16 Aug 2018 @ 11:43am

        Re: Re:

        They do not offer email as an alternative?

        link to this | view in chronology ]

        • icon
          Anonymous Anonymous Coward (profile), 16 Aug 2018 @ 11:52am

          Re: Re: Re:

          A new account means a new email account, everything else hinges off of that, so no. I left a message at one of their product forums a year or so ago and have yet to receive an acceptable answer. They won't even allow web based SMS, though it appears they used to.

          My intention was to get a new account for my second Android tablet that had no relationship with any of my other accounts, so they could not be compromised. It's not like I have anything to compromise, but the principle still holds.

          link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    Alfred E Einstein, 16 Aug 2018 @ 1:01pm

    Techdirt says put third-party liability on ATT.

    First, let's all weep for this multi-millionaire who thought he'd gained yet more millions without lifting a finger. Boohoo. I'm done.

    "Wesley Bidsnipes" has already pointed out the not just legal "hurdle" but thousand-foot cliff that must be jumped to get anywhere in a suit. This is no more than extortion attempt to leverage his own stupidity with lawyering.

    --> The "2FA" point simply highlights that phones and gadgets are inherently insecure! ANYONE WITH BRAINS DOESN'T KEEP ANYTHING VALUABLE ON THEM! MIGHT AS WELL BE CASH IN A PAPER BAG!

    Sheesh.

    So, HOW can anyone possibly blame ATT? ... Only due to irrational hate from minion and fanboys.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 1:18pm

      Re: Techdirt says put third-party liability on ATT.

      So in your mind AT&T can continue providing hackers with access to your cell phone account because the AT&T customers are stupid?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 6:05pm

      The best part about your stupid monikers

      Is that if you had your way; Thad could legally come over to your house and burn all your shit while you were forced to watch.

      You did after all admit you got the idea from him...

      link to this | view in chronology ]

  • identicon
    Docrailgun, 16 Aug 2018 @ 2:04pm

    I thought blockchain and crypto was super-secure?

    link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 16 Aug 2018 @ 4:58pm

    "despite ample press coverage of the SIM hijacking phenomenon"

    So the phone company is expected to do more than the customer.

    While ATT is the devil, shall we look at where this should fall apart.
    His phone was ported out not once, but twice... he still used his phone to secure his fortune.
    Well the pinto blows up if hit from behind even by a shopping cart, but its really nice to go get groceries. o_O OMG my pinto exploded!!!!!! I'm suing Ford!!! What do you mean there was ample press coverage of it exploding if a shopping cart bumped it... they still are responsible for my inaction in parsing my risk...with the 3rd pinto.

    Nearly every major corporations policies to secure things for consumers is a shit show. The cost of placating the suckers is less than paying to have actual security... so ya think they will spend money on security??
    Anyone tried password1 on the Equifax portal yet?

    link to this | view in chronology ]

    • icon
      Thad (profile), 16 Aug 2018 @ 5:25pm

      Re:

      So the phone company is expected to do more than the customer.

      Well, yes, ideally the phone company should not be giving its customers' phone numbers away to other people.

      Well the pinto blows up if hit from behind even by a shopping cart, but its really nice to go get groceries. o_O OMG my pinto exploded!!!!!! I'm suing Ford!!! What do you mean there was ample press coverage of it exploding if a shopping cart bumped it... they still are responsible for my inaction in parsing my risk...with the 3rd pinto.

      ...if your car explodes due to a manufacturer's defect, then yes, the manufacturer is damn sure responsible, regardless of whether you made a sensible purchase decision.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 16 Aug 2018 @ 7:01pm

      Re:

      Well the pinto blows up if hit from behind even by a shopping cart

      Embellish much?

      link to this | view in chronology ]

  • identicon
    carlb, 16 Aug 2018 @ 7:25pm

    Auntie beeb says the Vodafone is just as rubbish...

    From https://www.bbc.co.uk/news/business-45213774

    "Vodafone customer service agents can receive monthly bonuses worth up to £150 for high customer satisfaction scores alone. However, low scores can also result in them being placed on action plans to improve their performance."

    One more incentive for lax security. Gotta love it.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.