Does eSIM really fix this though? The SIM can still be illegally changed out, whether physically or eSIM, unless I’m missing something.No wonder Apple wants to transition into eSim. T-Mobile is just attracting data breaches at all times now.
View attachment 1935860
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
T-Mobile's Latest Data Breach Linked to SIM Swap Attacks
- Thread starter MacRumors
- Start date
- Sort by reaction score
Not really.
Wells Fargo employees were opening new accounts for financial gain, to meet quotas, keep their job, etc.
Mobile carrier employees approving the swap usually do so after the person provides the employee with certain personal information typically used to verify identity/account ownership, though some do it for personal gain.
It doesn't. The two don't have anything to do with each other.
eSIM will protect you from physical SIM swaps, meaning if someone steals your phone, they can't just take out the SIM card and put it into their unlocked phone to gain access to your number.
eSIM will not prevent swaps done on the carriers end.
Are you referring to the people who use password, 12345, birthdays, qwerty, etc for their account passwords?
Sounds like the T-Mobile employees broke protocol with this SIM swap attack.
For those who don’t get why eSIM won’t prevent SIM Swap Attacks, I have a PSA specifically for you:
SIM Swap Attacks are also unofficially known as:
*drumroll please*
eSIM Swap Attacks
🤯
SIM Swap Attacks are also unofficially known as:
*drumroll please*
eSIM Swap Attacks
🤯
The people at T-Mobile are completely incompetent. I have an "account password" setup on my account which they're supposed to ask for when you walk into a store or call them on the phone, and they have NEVER asked me for this password. Additionally, they offer ZERO ABILITY to use 2-factor authentication with an authentication app. They REQUIRE you to use your cell phone to receive an authentication text, which has been known for almost 20 years now of being the easiest & quickest way to hack into anybody's cell phone account! ??? Truly incompetent.
This kind of news is terrible.
Main point: *phone numbers need to be treated with the same respect that SS# do, and protected as such.*
Our phone numbers are just as important as SS#’s now, and if stolen just as potentially devastating.
Two factor is great until your phone number is stolen and paired with other PPI to access bank accounts, etc. (as the article points out).
Has anyone ever tried to get a new phone number? With all the two factors now, and institutions that require phone number for identification, who would go through that rigamarole?!
Main point: *phone numbers need to be treated with the same respect that SS# do, and protected as such.*
Our phone numbers are just as important as SS#’s now, and if stolen just as potentially devastating.
Two factor is great until your phone number is stolen and paired with other PPI to access bank accounts, etc. (as the article points out).
Has anyone ever tried to get a new phone number? With all the two factors now, and institutions that require phone number for identification, who would go through that rigamarole?!
I did this a while back and recently had an in-store T-Mobile rep double check my picture ID when I needed to have my SIM card replaced. Hopefully this will significantly reduce the chance of account takeovers and ports.
Who knew your phone number would be as valuable as your social security number these days. Is gotten to the point where you have to be careful who you give it to. Unfortunately esims won’t be the silver bullet to this problem. The crooks aren’t physically removing the sim, they are just transferring your account to a new sim, thanks to an overly helpful sales rep who don’t do due diligence.
I had this feature, as well as a 10 digit PIN and full instructions not to allow port-outs unless provided with 2 IDs (one of which must be a passport). Went to T-Mob to port out, fully expecting them to ask for my PIN and then having to wait 24 hours for their "fraud" department to approve the port out.
The rep not only didn't ask for my pin, but he also read thru the instructions on the screen that I was a victim of a previous swap, he ignored the instructions, only looked at one ID and the "fraud" department approved the port-out within 2 min without following any instructions on the account. ****ing pathetic company.
I guess this is why 2 factor should never be your phone number.
Well, no, the OP is worng. Servers are as secure as you keep them.
esim does noting at all about these attacks.
No, a SIM PIN only prevents someone from ejecting your SIM card and using it in another phone.
This is why authentication apps are the way to go nowadays. Unfortunately a lot of companies still don't support using them. Hopefully in 2022 we will see widespread adoption. I've started using the new one built into Apple devices and it works well.
Of course, it totally fixes the SIM swap problem. But it leaves the eSIM swap problem
Exactly what I was thinking.
T-Mobile USA has had this issue since the late 2000's!
After giving up all the information TMobile decides to take security seriously?
How about a law that requires ANY company that takes your SSN to be required to hire outside security companies, who are bonded and audited, to maintain a robust defense rather than just some in house clowns that manage an Armenian or Indian team.
How about a law that requires ANY company that takes your SSN to be required to hire outside security companies, who are bonded and audited, to maintain a robust defense rather than just some in house clowns that manage an Armenian or Indian team.