T-Mobile Hack and SIM Swap Scam: How to Prevent Your Phone Number from Being Stolen


SIM swapping is a serious trend that you should be aware of.

Jason Cipriani / CNET

Just when you think the T-Mobile hack can’t get any worse, it does. On Friday, the carrier announced that more customers were affected by the breach. To add to the severity of the hack, more information was accessed than previously thought. (You should take these steps now to protect your financial information.)

Regardless of whether you are a current or past customer, the hack comes with a concern that account PINs were exposed. That’s the passcode you must give to a T-Mobile representative before changes can be made to your account. A malicious actor who knows your account PIN could call customer service and ask to replace the SIM card associated with your phone number with a new SIM card, which would then take over your phone number. If you’ve switched from T-Mobile to a different carrier and reused the same passcode, you should change it right away.



On the surface, this may seem like an inconvenience, but once someone has access to your phone number, they can use that to impersonate you or to log into your online accounts.

For example, Matthew Miller, a contributor on CNET’s sister site, ZDNet, fell victim to a SIM swap scam and dealt with the aftermath for months afterwards. Whoever took over Miller’s phone number gained access to his Gmail account, immediately changed his password, then deleted every email, deleted every file in his Google Drive account, and finally deleted his Gmail account entirely.

Miller later discovered that he was being targeted because he had a Coinbase account and his bank account was linked to it. Miller’s phone number received his Coinbase account’s two-factor authentication code, so the hackers could log into his cryptocurrency trading account and purchase $25,000 worth of Bitcoin. Miller had to call his bank and report the transaction as fraud. That is on top of the immense vulnerability he felt.


One illicit benefit for someone who hijacks your phone number is instant access to any two-factor authentication codes you receive via SMS: the PIN an institution texts you to confirm that you are who you say you are. That means that once they have your password, they are just a few clicks away from logging into your email, banking, or social media accounts.

And if someone gets access to your email account, they can change passwords and search your email archive to compile a list of your entire online presence. Take the time to move away from SMS 2FA codes and use app-based codes instead. Seriously.

To be clear, this is not a problem specific to T-Mobile. All wireless carriers and customers can fall victim to SIM swap fraud. Here are some tips for securing your wireless account.


It only takes a few minutes to add a critical layer of security to your account.

Screenshot by Jason Cipriani / CNET

What can you do to prevent SIM swapping on your account?

You can reduce the chances of someone gaining access to your phone number and taking it over by adding a PIN code or password to your wireless account. T-Mobile, Verizon and AT&T all offer the option to add a PIN code.

If you’re not sure whether you have or need to set up a PIN code, here’s what to do for each of the major US carriers.

  • AT&T: Go to your account profile, sign in, then click Credentials. If you have multiple AT&T accounts, select your wireless account, then go to Manage additional security under the WiFi passcode section. Make your changes and enter your password when prompted to save.
  • T-Mobile: Set up T-Mobile’s Account Takeover Protection service. You’ll need to add the feature to every single line on your account. I also suggest changing your account PIN (if you’re not prompted to do so when you set up Account Takeover Protection).
  • Verizon Wireless: Call *611 and ask for a port freeze for your account. Visit this webpage to learn more about enabling step-up authentication for your account.


If your phone goes out of service, call customer service immediately.

Juan Garzon / CNET

If you have a service through another provider, call their customer service number to ask how you can protect your account. Most likely, you will be asked to create a PIN or passcode.

When creating a PIN or passcode, keep in mind that using a birthday, anniversary, or address as a PIN code is not enough when someone has enough information to pretend they are you. Instead, create a unique passcode for your carrier and then save it in your password manager. You use a password manager, right?

How do you know if your SIM card has been swapped?

The easiest way to tell that your SIM card is no longer active is that you completely lose service on your phone. You may receive a text message stating that the SIM card for your number has been changed and that you should call customer service if you didn’t make the change. But if your SIM card is no longer active, you won’t be able to make a call from your phone – not even to customer service (more on that below).

In short, the quickest way to tell if you are affected is if your phone is completely out of service and you cannot send or receive text messages or phone calls.


There are a few steps you can take should you fall victim to SIM swap fraud.

Juan Garzon / CNET

What should you do if you are a victim of a SIM swap scam?

The truth is, if someone badly wants access to your phone number, they will do whatever they can to trick your carrier’s support agent. What we’ve outlined above are best practices, but they’re not foolproof.

The researchers were able to impersonate account holders who had forgotten their PIN or passcode, often by reporting recent outgoing calls made from the target phone number by the actual account holder. How did they know those numbers? They got the account holder to call them. Even more frightening, researchers were sometimes able to provide phone numbers for incoming calls on the account they were trying to take over. That means the bad guy just had to call the target’s phone number himself.

If you find that you’ve lost service on your mobile device, immediately call your wireless carrier and let them know that you didn’t make the change. The carrier will help you regain access to your phone number. I can’t stress this enough – don’t wait to call. The longer someone has access to your phone number, the more damage they can do.

Here are the customer service numbers for every major wireless carrier. Save your carrier’s number as a contact in your phone:

  • AT&T: 1-800-331-0500
  • T-Mobile: 1-800-937-8997
  • Verizon: 1-800-922-0204


Once someone has access to your phone number, they will have access to most of your online accounts.

James Martin / CNET

If your SIM card is disabled, you won’t be able to call from your phone, but at least you’ll have the number on hand to use on someone else’s device.

You should also contact your banks and credit card companies and check all of your online accounts to make sure the perpetrator hasn’t changed your passwords or engaged in fraudulent transactions. If you find transactions that are not yours, call your bank or go to a branch immediately and explain the situation.

Remember, no matter how many PIN codes or passwords we add to our online accounts, there is still a chance that someone could find a way to break in. But at least by setting a passcode for your account and knowing what to do if you find yourself a victim of a SIM swap, you are prepared.

Another critical aspect of strong online security is using a password manager to create and save unique passwords on your behalf. In addition, turn on two-factor authentication on every account that offers it. And make sure you don’t fall for robocalls or fraudulent text messages.

