A hacker was able to gain access to Deray Mckesson's phone today just by knowing the last four digits of his Social Security number.
The hacker called Verizon and impersonated Mckesson and changed his SIM (where a user's phone number is stored) to another phone. Once transferred, the hacker was able to bypass the two-factor authentication Mckesson had set up on his Twitter account (@deray), two email addresses, and his phone.
Since learning of the hack, Verizon has said it "has other safeguards in place" to prevent the same issue happening in the future.
I was hacked today: my Twitter account, two email addresses, & my phone. It was not due to passwords, they hacked my phone account itself.
— deray mckesson (@deray) June 10, 2016
At 10:31 am, someone called @verizon impersonating me and successfully changed my SIM & unsuccessfully attempted to change my phone number.
— deray mckesson (@deray) June 10, 2016
By calling @verizon and successfully changing my phone's SIM, the hacker bypassed two-factor verification which I have on all accounts.
— deray mckesson (@deray) June 10, 2016
Today I learned that it is rather easy for someone to call the provider & change your SIM. The hacker got the account verification texts.
— deray mckesson (@deray) June 10, 2016
I'd realized that my phone had been hacked & separated from the actual phone number when the web only routed here: pic.twitter.com/zwYygVfbYy
— deray mckesson (@deray) June 10, 2016
The staff from @twitter were incredibly helpful once alerted and helped to both delete some of the hacked tweets and give me back access.
— deray mckesson (@deray) June 10, 2016
They simply needed to last four digits of my social security number to gain full access to my @verizon account. https://t.co/EHTJhkTQE3
— deray mckesson (@deray) June 10, 2016
The hacker got access by changing my SIM which redirected texts, then resetting my passwords to trigger two-factor authentication. Intense.
— deray mckesson (@deray) June 10, 2016
They didn't need the passwords up front. They changed the SIM, reset the passwords, got the codes, reset passwords. https://t.co/oAT8MmjgnE
— deray mckesson (@deray) June 10, 2016

There's never a dull moment in the ongoing saga of American Apparel. 

