Sorry you went through all that, and even more sorry that you'll probably be dealing with the fallout for quite some time.
I agree that SMS 2FA is not secure and a terrible idea. I've moved countries and my old mobile number has been given out to someone else. I don't even know what accounts I have might be tied to that phone number and I don't have any way to find out.
I have had friends message that person without knowing it as well. He could easily impersonate me on WhatsApp and fish for my personal info from those contacts.
Luckily, he seems to be a decent person but I not only have to trust this stranger to be honest, but also need to trust that the number stops at him or goes to another honest person if he drops it.
Phone numbers are not identity and using it for verifications of this sort is a horrible idea.
I agree that SMS 2FA is not secure and a terrible idea. I've moved countries and my old mobile number has been given out to someone else. I don't even know what accounts I have might be tied to that phone number and I don't have any way to find out.
I have had friends message that person without knowing it as well. He could easily impersonate me on WhatsApp and fish for my personal info from those contacts.
Luckily, he seems to be a decent person but I not only have to trust this stranger to be honest, but also need to trust that the number stops at him or goes to another honest person if he drops it.
Phone numbers are not identity and using it for verifications of this sort is a horrible idea.