Security and privacy risk on MyPrepaid customer account portal
I am absolutely shocked at the lax security you have on the Prepaid customer account portal, att.com/myprepaid.
Your customer account portal website permits only 4-digit passwords: nothing longer than 4 digits, no letters, no symbols. This serious security and privacy lapse is compounded by the username being simply the 10-digit telephone number associated with the account.
Once logged into the user portal, someone can view the entire calling history on the account, order new services, change a plan, deactivate a device, and even cancel auto-pay, potentially causing the customer to lose his telephone number due to non-payment.
How can a major corporation like AT&T offer its customers such ridiculously insecure protection on their personal information and account settings? Surely you can understand the need for permitting proper passwords, and even for offering protection beyond passwords, like 2-factor authentication.