6-8-21 while I was at work. I received 3 texts from Mint Mobile giving me temporary passwords that I never requested. I thought it was odd so I logged into my Mint account from a desktop pc and changed my password.
6-9-21 at 11pm I received 3 simultaneous texts from Metro by T-Mobile. first a welcome message, followed by two more text messages showing a balance on a account of $381.44 and $571.44.
Immediately my phone lost service. Mint mobile was unavailable until 7AM. Metro by T-mobile refused to help me due to my name not being on the account.
I quickly tried to change all my email addresses on important websites. and remove my phone number from my email address. But Hotmail still allowed my number to be used for recovery even though I managed to remove it before the hacker gained access to my email account and changed my password and locked me out.
At 7AM I was finally able to contact mint mobile and they said I needed to contact Metro..
Metro gave me the run around and hung up on me..
Finally the third attempt at receiving help they had found odd activity on my account and decided to help me.
The Metro Rep made a temporary account for me and took my phone number back from the hacker.
At 9AM I was able to go to Metro store and buy a cheap phone and pay for a month of service to gain control of my phone number.
I was unable to retrieve my email address until the next day due to too many password reset requests.
Once I had my email address back I did not find any activity. The hacker must of deleted any emails related to password resets.
I thought all was well and this ordeal was behind me until 6-22-21 when I got a email from "Freewallet", It is a crypto currency website.
I made a account with them back in 2017 and never used them for anything. I had actually forgotten about them entirely.
The email said there was a login attempt from a device "Redmi Note 8" Which was at home without mobile service but connected to my wifi network.
This leads me to believe that this device itself is what allowed the hacker to do what they did.
I do not have any odd apps on my phone. It is just normal basic stuff from the google app store. amazon, ebay, paypal, credit karma, pokemonGo, ect.
There must be some kind of exploit or spyware on my phone that allowed them to retrieve the temporary passwords from mint mobile. which would explain how they were able to find out my account number and pin code. which then allowed them to port my phone number to the Metro network.
Then they must of targeted my email address in hopes of finding some crypto currency to steal. I have used several other crypto websites in the past but currently do not have any.
I think this suggests that perhaps a data leak somewhere may of exposed my email address and phone number along side crypto websites i have used before.
What amazes me the most is if that is true. How they also managed to find the exploit or spyware in my Redmi Note 8 which allowed them to pull this off.
Or is it possible for somebody to spoof a mobile network and receive my text messages?
That situation might explain why there were three requests for temporary passwords from mint mobile. Perhaps they got it on the 4th try.
But it also does not explain why the attempt at freewallet login came from a "Redmi Note 8" Unless they are able to spoof that also and make it appear as if a "trusted device" was signing in?
How can i be sure? Also, Is it safe to go back to Mint Mobile?