Tl;dr the most invasive cyberattack these days is what is called a SIM swap. Basically with a few details the hacker can call a carrier and then will ignore the fact they don’t know a password or pin if you know things like account number.
They can then port your number and lock you out. They don’t need your phone it is all done remotely.
That’s because many services have account recovery. They will email you a reset password link to your phone and eureka they are in.
So what to do:
- Call T-mobile and give them a new random “port” pin which is a separate code that protects you from a port. Do this right away as all port pins were exposed by T-mobile last year.
You are toast for AT&T apparently and idk about Verizon and Sprint.
Finally, there is the usual advice
- Use a 1Password manager and generate random passwords. Pay attention to 1Password notifications on the left that tell you what passwords are compromised. And duplicate. Change as needed.
Don’t share passwords and for sure don’t use the Facebook or Google login as this will just make a single breach worse.
Use two factor authentication and disable as many phone based ones as possible. The best are things like Authy. It’s another password to remember but at least the breech gets limited to your phone.
When this happens start filling out forms! Get that phone number back ASAP. And google and Facebook will take forever too.
Call your bank and credit cards guys. Way better to invalidate everything than to lose $100k like the guy in the story lost.