If you've got adversaries doing a sun swapping attack you are in a Rick and Morty episode not the real world.
I can't swear Google has never known one my phone numbers in the many, many years I've had an account, though they don't have one recorded now. However I can tell you with certainty I have three WebAuthn authenticators, and no SMS-style 2FA authorised on my Google account now.
> If you've got adversaries doing a sun swapping attack you are in a Rick and Morty episode not the real world.
It happened to Jack Dorsey. And attacks tend to become easier over time. Any employee of an at&t store could do it to you right now.
The reason we know Dorsey was the victim of a sim swap attack is probably that he's important enough that when he was hacked he couldn't be dismissed with the "You probably messed up and leaked your password" dismissal.
No, Jack Dorsey suffered a sim swapping attack. Those happen here in the real world, but the post my joke was aimed at wrote sun swapping. Swapping suns isn't a thing outside of fiction.
As to me, since you made it personal, I'm sure somebody at an AT&T store could attempt SIM swapping but they might have trouble because the system won't give them my number from a completely different numbering system (different county) without a code they don't have.
If you socially manipulate your way into getting a transfer out code (good luck with that, but I'm willing to accept it could happen) then the big problem is I don't use SMS 2FA, as I wrote in the comment you're replying to, so it's a dead end.
I can't swear Google has never known one my phone numbers in the many, many years I've had an account, though they don't have one recorded now. However I can tell you with certainty I have three WebAuthn authenticators, and no SMS-style 2FA authorised on my Google account now.