Security questions aren't really that secure anyway. A "real" hacker could just pretend to be helping out a friend after a debilitating accident and ask for everything to be reset.
Exactly, or the "crying baby/stressed out parent" example that made the rounds a few years ago. Hackers don't need to monitor every public comment you make, just trick 1 minimum wage call center worker for 5 minutes.
It's security through obscurity, with a bonus that the people who use this technique can't seem to keep quiet about it so it's not even obscurity.