
The actress Sydney Sweeney supposedly had her Verizon phone number hijacked, which would explain how the celebrity's X account was broken into, 404 Media reports.
A picture allegedly depicting a Verizon letter addressed to Sweeney indicates malicious actors likely performed a SIM-swapping attack.
SIM swapping is a technique in which attackers gain control of a telephone number by tricking the service provider into reassigning it to a new device (and new SIM card) that they control.
The main motivation behind these attacks is to bypass two-factor authentication and gain unauthorized access to a user's account.
The image, obtained by 404 Media, depicts a Verizon receipt dated July 2nd, 2024. On the same day, the Euphoria star’s X account was hacked to post cryptocurrency scams.
According to the Cybernews research team, attackers use such attacks to execute a full takeover of celebrity’s social media or other accounts following the malicious practice of restoring an account’s password through identity confirmation on phone number.
“Attacker can also use credential stuffing techniques to brute force celebrities' credentials utilizing information in data leak compilations. In that case, attackers may perform a somewhat more concealed attack that would not alert the victim, if second factor authentication through phone is an option on an attacked account,” researchers said.
The team explained that attackers attempt to hijack celebrity accounts to peddle various cryptocurrency scams. In some cases, attackers would sell accounts to the highest bidder who in turn would reuse the accounts for other malicious purposes.
What is a SIM swapping attack?
To accomplish a SIM swapping attack, an attacker will need to know what mobile service provider the target uses and then call them while impersonating the potential victim.
The attacker may call, identifying themselves by the victim’s name and number, to begin the process of learning what the security questions they will ask, hang up, perform open source intelligence (OSINT), and call back.
After solving the first security question, they are usually presented with another security question and follow the same process until all the security questions have been satisfied.
From that point, they can inform the customer service representative to transfer the victim’s number onto a different device, thus having full power to steal the victim's accounts.
Once the service has been swapped to the attacker’s SIM card, mobile service will discontinue on the victim’s phone. Victims eventually notice a sudden disruption in service, especially if the attack was carried out during waking hours.
Your email address will not be published. Required fields are markedmarked