T-Mobile: Spurious Account Takeover Warning

Link post

This morning, reading in bed, I got a very worrying notification:

This is the notification you would receive if someone was in the process of taking control of your phone number, which could then give them access to other accounts where you had used that phone number as a backup or for two-factor authentication. So I was very concerned!

In case this was a different sort of scam, however, I wasn’t about to call the phone number (which could be anyone) but I visited the website and talked to someone over chat. They confirmed that my pin had been changed, but also said that since I have a prepaid account they couldn’t tell me more than that. They told me to call T-Mobile customer support at 611.

When I called 611, they looked into it, and said that this was an automatic message sent as part of migrating my account to a new billing system. They confirmed no one had reset my pin other than their automated system.

I’m disappointed in T-Mobile for either not realizing their migration would trigger this message, or deciding to go ahead with it despite the user impact.