Actress Sydney Sweeney experienced a SIM-swap attack in June, resulting in her losing control of her X account. This attack allowed scammers to hijack her phone number, which was used for SMS-based authentication, enabling them to take over her account and use it to promote a cryptocurrency scheme. The incident highlights a recurring problem where attackers manipulate phone number verification to access accounts without needing to hack devices or guess passwords.
SIM-swap attacks involve tricking or bribing employees at wireless service providers to transfer a victim’s phone number to a new SIM card controlled by the attacker. This method circumvents the need for direct device hacking, as long as the victim’s account uses SMS-based two-factor authentication. The attack on Sweeney’s account mirrors previous high-profile cases, such as those involving Jack Dorsey and other notable figures.
The attack on Sweeney’s account was confirmed through a Verizon receipt posted online, which included her personal details and coincided with the suspicious activity on her X account. This evidence suggests that her phone number was fraudulently obtained and used to post ads for a dubious cryptocurrency after weeks of account inactivity.
Verizon, her wireless provider, stated that while they cannot discuss specific cases, they prioritize customer privacy and security. They assured that any issues brought to their attention are swiftly addressed to prevent future occurrences. The attack underscores the need for enhanced security measures and vigilance against such fraud tactics.
