Account Security Concern — 355+ Open Ports Scanning “T-Mobile.com” — Severe Third-Party Control
My family and I have undergone a serious security breach from account opening in September 2023 to present. I have taken to network security websites and tools to try to determine the cause of the problem that is keeping persistentconnection from a third-party on my mobile lines Recently I did a Port Scan for the domain "T-Mobile.com" and found that there is at least355 open ports(and 10's of thousands of identified, closed, or blocked ports). This is very much out of the norm for any other domain I scan (having only 3-5 open ports). I am seeing Port 11 (sysstat - active users), 9040, 9050 and 9051 open for tor transport, 12345 and 12346 for backdoor Trojans onto ourdevices, amongmany other seriously concerning ports Threat actors have enabled third-party licensure and tools for our accounts which forbid security and privacy. Every bill's text and call log activity is 90% unrecognizable activity. It is strongly believed my phone lines andall activity on them are being shared. When I go into the store, the IMEI numbers showing are not the ones belonging to my devices. There is also an unremovable "managed network" under settings and then Wi-Fi and then saved networks that has always been there and is there when I put my eSIMs or physical SIM cards on any device and goes away when I turn the eSIM off or take the card out. The account is sole-owner, and no credentials have been given out to anyone, ever It also sounds like, from what I heard in store, simply closing the account and creating a fresh one is not an easy process. We have changed numbers and transferred phone service providers two times already and I do not want to do it again if I don't have to. The crime has survived for almost two years now, and I believe my information and my family's information was leaked How do I stop this?I don't know how to close ports or reassign the IP address designated to t-mobile.com. I'm really not sure what to do, but would really appreciate the help Thanks!
McAfee Security para T-Mobile
My phone was stolen in Europe two weeks ago. I got a new phone through the warranty waiting for me at home in the US. So I want to make sure that Find My Phone through theMcAfee Security for T-Mobile service that I am paying for is still working as I setup my replacement phone. I login on my laptom to Mcafee.com and it says that myMcAfee Security for T-Mobile was cancelled. Rats. I call T-Mobile, they confirm it wasn't cancelled. I go to the store so they can look, and the store T-Mobile people confirm that myMcAfee Security for T-Mobile is NOT cancelled. I call Mcafee several times and they say T-Mobile cancelled my subscription. I ask for elevation of the case; nothing. I call back and curse at them; finally, someone from Mcafee calls back and they are elevating it. Are you kidding me? To make it worse, theMcAfee Security for T-Mobile app on my phone says: "if you want to find your phone, click here." Is this real? Am I alive and well, or just a zombie already? Good God. What the heck are we supposed to do? Are we paying for this insanity?
T-Mobile users are not receiving MFA SMS messages sent via Twilio
A client of mine uses Twilio to send security codes out to their members, and they're reporting an increasing number of T-Mobile users who aren't receiving the texts or phone calls. This has been an issue in the past allegedly (I just got moved to this client's team recently), but it's picked up in frequency this past week. I've seen other threads that suggest the messages may be getting blocked, and we've confirmed that we're in compliance on Twilio's side. Can anyone provide me with some assistance or direction on what we can do here? I am happy to provide more information, just let me know if you need additional details. Thank you! Ian
Online Security
Based on the news T Mobile got “hacked” the company should provide free of charge “online security options i.e. McAfee, Norton, etc. Management is downplaying the “info” that was “hacked” however it does not change the fact their security system was breached and they owe their customers “online security” options (at no charge).
Security issue: t-mobile will not stop trusting browser!
t-mobile is always trusting my browser and device and it is never asking me for two factor. I tried clearing all cookies but t-mobile just lets me sail on in with only a user name and password. Steps I took… Log in first time. t-mobile asks for dual factor which is good and expected. I accidentally clicked that I did not want t-mobile to ask me again on this device/browser. I could not find any way to "untrust" the browser/device. I could not find any help on this. I logged out and logged back in…t-mobile lets me in without dual factor... I tried clearing all cookies. I log in again, and t-mobile simply accepts my user name and password without any second factor. Most all websites I know allow a user to "untrust" a device, or at least clearing cookies will resume asking for dual factor's second factor. This seems very insecure. Anyone (or any malware) commandeering thebrowser can log in without dual factor and I cannot see any way to stop that…it's like t-mobile is remembering the device/browser some other way…but if that's the case, the online login should have an option to "untrust" the device/browser (or cookies should do the same). Forgive if I'm missing something but I have never seen this kind of behavior before except for cases where dual factor is broken.
Defunct advice on today's T-Mobile Data Breach page?
Is anyone able to actually sign up for "Account Takeover Protection"? Today's data breach pagesuggests that postpaid customers can enable "Account Takeover Protection" to prevent unauthorized phone number porting: The "See how" link goes to "Account Takeover Protection by T-Mobile" which has a button at the bottom to "Add Account Takeover Protection": That button unfortunately goes to a page that says "This feature is no longer available." Did they seriously not review this when setting up that data breach page?
