Interesting... I had something similar happen to me, with minimal outward, acute damage (e.g., running up bills on random credit cards). It is reasonable to assume my entire identity is compromised. Sorry this happened.
How do you know T-Mobile was the entry point, and not say, Google (e.g., Google Chrome, Google Ads)?
What type of phone did you have (e.g., Android or iPhone)?
What is your browser and Search Engine on your smartphone?
SMS in unencrypted, and Google SE has been compromised for much if not all of 2022. From what I can tell the issue persists. I officially reported it in December, and again in January, and again in February. Pretty wild, TBH. Think about the number of services that have Google SE and Ads integration. Makes me nauseous.
Did you happen to report to Apple and Google (for documentation)?
Ways which I shared with Google, because it's a very serious privacy and security vulnerability.
We need more robust security integration to catch things before they are pushed to results. I understand latency will increase, and some ads revenue will decrease. But like, isn't it also cool to have a customer base that is better protected against egregious attacks, attacks that could be prevented? IMO, yes. It's called "stewardship."
How do you know T-Mobile was the entry point, and not say, Google (e.g., Google Chrome, Google Ads)? What type of phone did you have (e.g., Android or iPhone)? What is your browser and Search Engine on your smartphone?
Thanks!