For all of the palace intrigue recently about who in Rupert Murdoch’s News Corporation kingdom knew what about phone hacking when, one fundamental question about the scandal has gone mostly unanswered:

Just how vulnerable are everyday United States residents to similarly determined snoops?

The answer is, more than you might think.

AT&T, Sprint and T-Mobile do not require cellphone customers to use a password on their voice mail boxes, and plenty of people never bother to set one up. But if you don’t, people using a service colloquially known as caller ID spoofing could disguise their phone as yours and get access to your messages. This is possible because voice mail systems often grant access to callers who appear to be phoning from their own number.

Meanwhile, as Edgar Dworsky, a consumer advocate who founded ConsumerWorld.org, discovered recently, someone armed with just a bit of personal information about a target can also gain access to the automated phone systems for Bank of America and Chase credit card holders.

Once those systems recognize the phone number of the incoming call and those bits of personal information, they offer up the latest on the cardholder’s debts, late payments and credit limits. Bank of America’s computer will even read off a list of dozens of recent charges, including names of doctors and other businesses the cardholder might have patronized.