Researchers say a malicious user can thus access the voicemail system to then take over online accounts for services like WhatsApp, PayPal, LinkedIn and Netflix. A motivated attacker can simply listen to automated password reset messages sent by online services. Compromised voicemail systems can also be set up to play dual-tone multi frequency (DTMF) tones if password-reset systems require users to input a PIN. The researcher advises consumers not to use easy-to-guess PIN numbers such as birth year or simple number patterns.
Source: https://threatpost.com/hijacking-online-accounts-via-hacked-voicemail-systems/140403/