T-mobile data breach: 100M users potentially affected

I wonder how much of my data they have if I’m on an MVNO like Google Fi… anything? Certainly hopefully not anything payment data related considering I’d hope that’s just a pass-through between TMo and Google, but I presume they would know at some level that I exist? :face_with_raised_eyebrow::face_with_monocle:

1 Like

From everything I’ve read, it’s customer information from their billing system, so unless the MVNO has outsourced their customer accounts back to the carrier (which IIRC Sprint occasionally did), or they own the MVNO (which they don’t for Fi) – they shouldn’t have any information.

Now if Verizon got hacked similarly, Visible might be at risk. Likewise AT&T/Cricket (assuming they ever finished their integration project).

Not a guaranteed way to know, but you should be registered here if you aren’t already:

1 Like

Well this sucks:

Oh no — pwned!

Pwned in 18 data breaches

1 Like

My main email address only shows 12, you win. Though my password manager shows another 6 that they don’t.

After you froze all three credit bureaus, and started using strong/randomly-generated passwords, you made sure to implement non-SMS 2-factor authentication with YubiKeys everywhere – right? It’s a fun weekend project.

There is a point where inconvenience starts to outweigh all possible benefits.

The inconvenience (to someone other than me) is a feature, not a bug.

And if it’s just SOP, then it’s not really inconvenient (why should I know my Amazon password? Or any credit card? Or social media?). I have just under 1000 items in my password manager, I have about a dozen that use app-based 2FA, and a half-dozen that use physical keys. I don’t find it inconvenient, and it has prevented break-in attempts I’ve caught in the act.

The inconvenience is when Hulu stuffs a bunch of JavaScript in that prevents pasting passwords, and limits their length to a measly 15 characters – that’s inconvenient.

1 Like

You have 1000 accounts for personal use, or are you lumping work into it?

And just to clarify, I have nothing against password manager use and strong passwords, but to go completely nuts and start securing social media with hardware keys is a little much. On the other hand, I don’t have social media accounts, wherever possible for shopping I don’t create accounts at all, there is a clear separation between the important email account and all others, etc.

I don’t do Hulu (or watch any TV) but there are a few sites that Bitwarden won’t autofill or copy-paste into, but Ctrl+V still works for some reason… give it a go!

2 Likes

They’re all mine, but yes some are personal and some are not.

They aren’t just logins: bank info and important documents, secure notes, etc.

For instance, I rarely check my Facebook account, but it has a strong password and 2FA like everything else. Anything that ties back to me, and supports 2FA has it. Hardware keys for email and almost anything that supports them (which unfortunately isn’t much). Never feels over the top when I’m getting emails in a recovery account that someone is unsuccessfully trying to change the password on a main account.

I always try. My least favorite pattern is when it asks for the same information twice, one allows it to be pasted into and one does not. Sites that ask for your email address twice when signing up (line all those developers up and shoot them), or any bank transfer where it asks for the ABA and routing number twice.

My 2nd least favorite pattern is when it won’t allow pasting AT ALL and demands you type the entire number (because a data entry error is what I want with a bank transfer, when the account number is correct in the paste buffer).

I guess for those who haven’t seen these before:

Google just updated their Titan Keys in the past week:

Ha… those are easy to memorize, especially over the 30 years in business. I have NoScript/uMatrix/uBlock/Decentraleyes/Privacy Badger/CookieAutoDelete/CanvasBlocker plugins, so something is ALWAYS broken (by design), so it’s slow torture until I have a site figured out.

1 Like

There are ABA numbers I will never forget, but my account numbers have changed over the years… due to fraud! I’ve stopped becoming attached to them, sadly.

1 Like

I get your point, I just think that given a choice between SMS-based 2FA and hardware, in most instances for personal accounts it’s more of a pain in the ass to go hardware (even when supported) than to just go SMS. To me it depends on what the account contains and its relative importance to me. I have accounts that I don’t even have in the password manager, and then there are accounts where if I could disable 2FA and use qwerty123 as a password I would do that :slight_smile: I also try to not open accounts if I can avoid it.

It’s absolutely more effort to use app/hardware-based 2FA than SMS, but SMS 2FA is subject to a very nasty set of attacks.

And since this is a post about the 3rd largest mobile carrier in the US, if you are putting ANY trust in ANY of them, you lose.

I feel like you are selectively ignoring what I’m saying or I’m not speaking English anymore. ‘most instances for personal accounts’. Anything that has to do with financial accounts, yeah, go ahead, protect it as much as you can. But for most accounts, meh.

I understand what you’re saying, I :100: disagree.

Y’all think the free line promos are actually free?

1 Like

Seriously, for all the times crazy John Legere played Santa and gave away swag live

But 4x4 MIMO actually worked in 0 launch markets.

TMo still hasn’t confirmed the scope or cause (just that they found and closed it), but I’m sure folks will get free credit monitoring out of it.

Am I the only one that thinks it’s time these companies actually have to pay out something when something like this happens? Providing free credit monitoring is such a joke, as most of us already have it for free from some other data breach, that I suspect it’s rarely taken advantage of! How about something like: if they hack your name, address, & birthdate it’s $10 per record, and if they get your SSN it’s an additional $50 per record. Until our sensitive info is actually worth something for these companies to truly protect, it’s just going to keep happening. Shoot, at this point I may as well go on the dark web and sell my info. At least in doing that I’ll get something out of it!

Either that or make it easier for us to not have to give them our sensitive info. Enough already…

3 Likes

You are not alone.

During the Equifax breach, I was screaming to anyone who would listen for “corporate death sentences” – put them into receivership, liquidate the assets, and pay off the shareholders.

Unfortunately something like GDPR doesn’t solve this particular problem: when you have proven you can’t handle your business without putting your customers at risk, we should have a process to close your business.

1 Like

I don’t think it will stop regardless. Hackers will be hackers. Now I’m not saying this isn’t T-Mobile’s fault, but I don’t know that any system is completely secure from hacks. Everyone thinks they’re secure until they aren’t.