Finally got back my T-mobile account (yes, it was a sim swap, meaning that someone socially-engineered T-mobile itself to take over my phone number).

Looks like everyone dropped the ball here.

X shouldn’t enable phone recovery by default, it’s an obsolete practice.

T-Mobile should use PINs to thwart social engineers (we’ve known about SIM swaps for years) + special procedures for public figures who are obvious targets (flag set=call escalation, added verif).

PhD in aviation ∩ climate science | Aviator, diver, ETH maxi, nexialist | Host of /diving /ethfinance /eth-staker /geopolitics /science /singapore /thomas

T-Mobile actually does use PINs (in the US). Unfortunately, more and more of the hacks happen as a result of bribing/coercing a telco employee in which a SIM Pin is useless as they can simply re-assign a number at their discretion