Now, attackers breach a user's mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim's number to another device on their own.
They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.
Simultaneously, the legitimate owner has their eSIM/SIM deactivated.
I think The Internet Archive needs it more.
https://www.makeuseof.com/tag/wikipedia-millions-bank-beg/