Wireless carriers are coming under increasing fire for failing to protect their users from SIM hijacking. The practice involves posing as a wireless customer, then fooling a wireless carrier to port the victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Back in February, a man sued T-Mobile
for failing to protect his account after a hacker pretending to be him, ported out his phone number, then managed to use his identity to steal thousands of dollars worth of cryptocoins.
T-Mobile customers aren't the only users who've experienced this problem. US entrepreneur and cryptocurrency investor Michael Terpin sued AT&T last summer
(pdf) for the same thing: somebody ran a SIM hijacking scam on AT&T, then stole his identity and, in turn, stole $23.8 million in cryptocurrency. And while AT&T tried hard to have the case dismissed, a Los Angeles federal judge last week issued a mixed ruling
that nixed AT&T's request to dismiss the case, but demanded that Terpin do a better job highlighting how AT&T is directly responsible:
"Wright agreed with AT&T that Terpin had not adequately explained how the hack of his account led to the theft of his cryptocurrency or why AT&T should bear responsibility. As a result, he dismissed claims that relied on Terpin's claimed $24 million loss. However, Wright dismissed the claims with "leave to amend," meaning that Terpin has 21 days to file a new version of his lawsuit that more fully explains how the cryptocurrency was stolen and why AT&T should be held responsible."