The attackers were able to redirect SMS messages used for two-factor authentication in order to approve money transfers . Earlier this year , hackers exploited Vulnerability-related.DiscoverVulnerability vulnerabilities in the Signaling System No . 7 ( SS7 ) protocols to sidestep two-factor authentication and steal funds from German victims ' bank accounts , according to Germany 's Suddeutsche Zeitung . The hackers stole Attack.Databreach bank login credentials via phishing emails that appeared to come from Attack.Phishing the victims ' banks , then leveraged flaws in SS7 to redirect the SMS messages required to confirm funds transfers . `` Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January , '' a representative of Germany 's O2 Telefonica said , according to Ars Technica . `` The attack redirected incoming SMS messages for selected German customers to the attackers . '' Ars Technica notes that security researcher Karsten Nohl demonstrated Vulnerability-related.DiscoverVulnerability the potential impact of the flaws in SS7 last year by recording calls and tracking the location of U.S. Rep. Ted Lieu . Earlier this week , Lieu tweeted , `` I 've been screaming for FCC & telecom industry to fix Vulnerability-related.PatchVulnerability # SS7 security flaw . Perhaps bank losses will get them to act . '' `` EVERYONE 'S BANK ACCOUNT IS AT RISK until FCC and telecom industry fix Vulnerability-related.PatchVulnerability the devastating # SS7 flaw , '' he added .