Bank of America is using phone numbers from 3rd party databases that they guess are linked to you to authenticate and verify users when you call support. Major vulnerability, why isn’t this a big story?

How I Discovered This:
1. I recently called Bank of America’s credit card fraud department.
2. To verify my account, they said they needed to text me a code, and they listed off a couple of phone numbers that I had never heard of before.
3. After verifying with my real number, I asked them how those numbers got added to my account because I’m not familiar with them and I never added them.
4. They told me these numbers …

account america authenticate bank bank of america big call called card card fraud credit credit card credit card fraud cybersecurity databases department fraud isn major numbers party phone phone numbers story support verify vulnerability