In this case, however, the perpetrator didn’t try to port Rosenzweig’s phone number: Instead, the attacker called multiple T-Mobile retail stores within an hour’s drive of Rosenzweig’s home address until he succeeded in convincing a store employee to conduct what’s known as a SIM swap.
~ Brian Krebs from, https://krebsonsecurity.com/2018/05/t-mobile-employee-made-unauthorized-sim-swap-to-steal-instagram-account/
slip:4uketo1.
Free swapping of SIMs is a feature making it easy to change phones [which might require different SIM card sizes] and to recover from entirely losing your device.
Age-old axiom: If you can imagine a situation where you would prefer to not use the feature, then someone can imagine a way to abuse that feature as a security vulnerability.
…and just a few days ago I was talking about not using your cell phone as a “second form of authentication.” :/
ɕ