Researchers cited in the blog Krebs on Security found that criminals are using surrendered cell phone numbers to thwart two-factor authentication and break into users' accounts