Twilio developer Kevin Burke has found a serious security flaw in Virgin Mobile USA's online authentication system. Anybody who knows a customer's valid Virgin Mobile number can, with little effort, see who a subscriber has been calling, change the handset associated with a phone number, change billing information, and even purchase a handset using a credit card stored on the service.
