As detailed in a series of tweets, someone posing as Mckesson called Verizon Friday morning. Armed with the last four digits of his Social Security number, the attacker was able to change the registered SIM on Mckesson’s account to one they controlled, redirecting all calls and texts.
Two factor authorization is a great way to protect your online accounts. It relies on two separate things, something you know (your password), and the other being something you have, typically your phone.
So if your phone isn’t likewise protected, the whole thing comes crashing down.
Check with your cell phone provider about whether they can setup a PIN to prevent changes to your account. Might as well get an extra layer of security to the “thing you have” that is such an important part of your online security.