Wow.. that was quite an experience. You are good that you were able to piece the puzzle together and traced back what the hacker did. SIM swapping attack is a threat in many places, but I am curious how did the hacker manage to clone your SIM card. Did you get to find out?
What you said are all very good security practices.
- Secure the email which you use as a recovery email and don't use that email at all if possible to signup for anything online
- ALWAYS enable secondary authentication like 2FA
- Manage your password well and try not to use the same password in all your site. Even though I do have a standard password which I use for dodgy sites however you can't be too careful as even the best companies in the world are not spared from hackers trying to gain access to their databases.
- Frequently check and verify your security logins on all your main accounts.
For point 3, I always recommend folks to use a password manager, you do not need a paid one, something like KeePass works fine. 2FA is a must and should be enabled as long as the application/site supports.
here is my take on it .. the SIM clone must have come from some app which I've installed on my phone. That rogue app could have given information of my IMEI or other information. Once i got a new SIM card .. before i even put the new sim card in, I did a full wipe of my phone. Didn't want to risk it. This is just my speculation as at that exact time, I was in panic mode and didn't want to risk anything.
hi @culgin
perhaps you could write an article about keepass? I myself never used any password manager and I'm not sure if I can trust sites like this one.
Yes, sure. Will certainly write about it someday