does anyone know how they are breaking 2FA here? it doesn't sound like SS7 hijack because the message is still going to the correct handset and presumably if you are carrying out the SS7 hijack you wouldn't proxy the traffic. was/is uber allowing people to brute force pins? or are the PINs being leaked through whoever is doing bulk SMS messaging for them?