I received a 2FA code from TMobile last night, but had not tried to logon. I know they just had ANOTHER breach (they say no pw’s or financial info was taken, but who knows?) and they did not notify me that my info was involved (yet). Anyway, I changed my email & pw on 1/19/23 when I found out about the breach. So I get this code and then I think, what’s up with that? I logged on & my account seems fine. BTW, when I logged on, the 2FA code was sent to the same short code that the unsolicited one came in on, so it appears to be legit TMobile. I changed my pw again (not the email). You can logon with phone number or email id, so if someone has my phone number they could try to logon.
I use very long, strong, random passwords generated by a password safe, this one is 29 letters numbers & symbols. I just can’t believe someone got my pw! Is that possible? How is that possible? Unless Tmobile was breached again since 1/19/23.
Also, back in Dec 2022 – this same thing happened with my Apple ID which really rattled me. I changed that pw and have not gotten any other codes since then, but why would this be happening and do I need to do something more to protect myself? Why would I receive codes I did not request? thanks! Donna
