If someone knows your cellphone number, they can hijack an MFA confirmation by getting a sim card assigned with your phone number. Sometimes a password reset is as simple as getting that MFA confirmation text.
Name, birthdate, postal address, and a good fake sob story can go a long way toward getting an institution to reset your password.
Security questions can be surprisingly generic… favorite color, favorite food, favorite pet etc can be figured out from personal information posted online.
Once someone gets into your primary email, a quick browse will determine which services you use, and password resets of those services can now be trivial at that point.
Latest Answers