Comment by hdjjhhvvhga

> Isn't the SIM supposed to hold all sorts of secrets to prevent that?

The process has a security hole by design: SIM cards can get damaged/lost (usually with the phone) and you wouldn't want to lose your number just because you lost your phone or damaged your SIM card by accident. This hole is typically exploited by attackers after they have identified a high-value target. You basically outsource the control over your account to a telco employee.