Verizon's TracFone Customers Complain of Attackers Stealing Their Phone Numbers

Attackers have commandeered thousands of TracFone customers' phone numbers in recent weeks, forcing new owner Verizon Communications to improve safeguards less than two months after it took over the prepaid wireless provider. From a report: TracFone offers prepaid wireless service under several brands, including Straight Talk, Total Wireless and its namesake brand. Some customers of Straight Talk said they found their phone lines suddenly disconnected around the December holidays. "We were recently made aware of bad actors gaining access to a limited number of customer accounts and, in some cases, fraudulently transferring, or porting out, mobile telephone numbers to other carriers," TracFone said in a notice posted on its website this month. In some cases, customers said they discovered their lines had been moved without their permission to Metro, a unit of T-Mobile US. A T-Mobile spokeswoman said the company investigated and found "no fraud or data breach of any sort" on its side. The company added that such unauthorized transfers "are unfortunately an industrywide issue."

Verizon, which acquired TracFone in late November in a $6.25 billion deal, said it had added security protections to the recently acquired services to prevent such fraudulent transfers. For instance, the prepaid operators will now send customers a text message notification when a transfer request is made. A Verizon spokeswoman said the attack appeared to affect about 6,000 TracFone customers, a fraction of Verizon's roughly 24 million prepaid lines. "We have no reason to think that this was caused by anybody on the inside," the spokeswoman said. "You've got the bad actors out there constantly trying to find points of weakness," Matt Ellis, Verizon's finance chief, said Tuesday in an interview. "We've addressed that weakness."

Verizon PR

[freeze128]

If Verizon has "added security protections to the recently acquired services to prevent such fraudulent transfers", then why are the fraudulent transfers still taking place?

Re:

[JackieBrown]

I think it was a tense error in the summary, It seems like this was added after the transfer.

Re:

[TechyImmigrant]

I think it was a tense error in the summary, It seems like this was added after the transfer.

The best time to add security measures is after it's too late. Obviously.

Portout Pin is VM Password - VM PW is last 4 of #

[LovelessOhio]

Tracfone's port out pin is the VM password. By default the VM PW is the last 4 digits of the phone number. Even if the VM pin is set to a custom value, unless the customer specifically enables the option to "always ask for password" - an attacker can just spoof his caller ID to match the target phone number and he will be dropped right into the voicemail system where he can than - change the VM and thus the Port Out Pin. ....the more you know

Good Grief

[bill_mcgonigle]

I've been trying on and off for nine months to port my boy's number out of Tracfone and they keep refusing.

Happened to my wife

[DesScorp]

My wife is a stay at home mom, so we don't need an expensive plan with lots of data. We've been using Tracfone for years without issue until this happened. As the article states, right before the holidays, suddenly her phone stopped working, and when we investigated, her number had been ported to Metro PCS. It took two days of wrangling before we got her number back. Tracfone's support was clueless about what happened. We never did find out who stole the number.