On Oct 1, after a 2h absence from his phone, Bob attempted to check his email and discovered he’d been logged out of his gmail account. Upon trying to log back in, Google notified him that his email password had been changed less than an hour ago.
He then tried to make a call and discovered that his phone service was no longer active. Calling Verizon, he discovered that someone (the attacker) had called less than an hour ago and switched his service to an iPhone 4. Verizon later conceded that they had transferred his account despite having neither requested nor being given the 4-digit PIN they had on record.
The attacker was able to reset Bob’s password and take control of his account. He or she then removed Bob’s recovery email, changed the password, changed the name on the account, and enabled two factor authentication. (Records show that the account was accessed from IP addresses in Iowa and Germany.)