Need help understanding your bill?
sp67398's profile

Tutor

 • 

4 Messages

Sunday, July 15th, 2018 1:19 AM

AT&T Prepaid Account Password - Security Issue

I have AT&T Prepaid account. To access the account, the only way is to login to paygoonline website.

And guess what, password is 4 DIGIT NUMBER.. !!!!

 

This is a very very serious security flaw

 

While the world has moved on to a complex password and two factor authentication, why is this not fixed yet for paygoonline???

 

I am hoping someone in AT&T see this post and act on it.

 

Thanks!!

ACE - Expert

 • 

64.7K Messages

6 years ago

You have a legitimate concern and it has been raised before but what exactly would someone do if they hacked into your account? There really is not much of a risk because there is little reason to hack a prepaid account. They also need to make it as easy as possible for travelers. Too much security could actually scare off customers.

Tutor

 • 

4 Messages

6 years ago

Seriously ??

 

Once someone have access,

They will have access to entire history of calls - who called me, who I called.

They will have access to my credit card used for auto payment

They will my primary address and where I live.

 

These three are major major security & privacy issue. 

 

Even without above, just having access to someone else's account with no effort (4 digit number !!!!) is in itself a privacy issue (what about other preferences and settings). So it is not about whether someone is benefitted for having the account, the fact that someone can access the account is a major flaw, specially from company like At&T which may have millions of prepaid account.

 

 

ACE - Expert

 • 

64.7K Messages

6 years ago

I admit, I don’t have a prepaid account, I thought call and text history would be the only info at risk. I was under the impression credit card info was masked and not accessible. Is that not true? I also did not think personal info like address was stored. 

ACE - Sage

 • 

116.6K Messages

6 years ago

I do have a prepaid account.  I manage an ATT prepaid for a friend, and I have a Verizon prepaid account as of this week.  They both use the phone number and a 4 digit PIN code.  

The only thing they can do with you CC is refill the account, all that is seen is the last 4 digits.  

If you secure your phone, which you should, none of that would not be an issue.  

ACE - Expert

 • 

16.5K Messages

6 years ago


@sp67398 wrote:

Once someone have access,

With your 10-digit number AND the correct 4-digit code. They need BOTH.

 

How many tries of those 10,000 combinations before AT&T locks them out?

 

They will have access to entire history of calls - who called me, who I called.

If this is a HUGE concern you should switch to postpaid immediately. I'm really not sure what someone would do with that list.

 

They will have access to my credit card used for auto payment

Are you saying you can log in and buy stuff with the credit card number? (other than refilling?)

 

They will my primary address and where I live.

How would that help with anything? 

 

Even without above, just having access to someone else's account with no effort (4 digit number !!!!) is in itself a privacy issue (what about other preferences and settings). 

Prepaid doesn't text you a code (that changes) before you can log in? This is a question I'm curious about.

(I thought that was a problem when people traveled internationally, they couldn't log in to cancel because it needed to text them a code and they are out of the country and have no coverage). @lizdance40 Am I mistaken in this or is it just when people forget their passcode? (I just noticed your prepaid comment)

 

 

 

Tutor

 • 

4 Messages

6 years ago

I am actually surprised to see if anyone things 4 digit password is OK. Switching from prepaid to postpaid is not the solution. It is not about accessing one account, identity theft happens when one get access to bit and pieces and knowing more about the person. 

 

 

 

 

 

ACE - Sage

 • 

116.6K Messages

6 years ago

And your name and address are not available ANY where else.  

@sp67398   When carriers ar flooded with identity theft or hacked prepaid accounts, I’m sure they will change the standard phone # and PIN.  

But that is not happening.  So they have no reason to change.

 

ACE - Expert

 • 

16.5K Messages

6 years ago


@sp67398 wrote:

I am actually surprised to see if anyone things 4 digit password is OK. Switching from prepaid to postpaid is not the solution. It is not about accessing one account, identity theft happens when one get access to bit and pieces and knowing more about the person. 

  • Who said it was "OK"?

 

  • I asked you several questions about your three main concerns about this "serious security flaw" and you addressed none. 

 

  • I asked you how it works when you log in and even said I'm actually curious as to how this works and got no answer.

 

Switching from prepaid to postpaid is not the solution

Yes, switching would solve your concern FOR YOU.

 

I do get your point about accessing bits and pieces but other than that, it doesn't seem like you actually want to discuss this or support your thoughts much on this.

 

Are you saying someone can log in and buy stuff with the credit card number? (other than refilling?)

 

 

ACE - Sage

 • 

116.6K Messages

6 years ago

Considering ATT had a rash of hacked postpaid accounts, with new phones ordered worth $1000’s.  Unlike prepaid, it is possible to use the payment for something other than service.  (If you didn’t know that already, you can only refill your account, no apps, no phones, nothing.)

 

Tutor

 • 

4 Messages

6 years ago

All I am saying is having a 4 digit password in today's world is not secure. 

I am not saying that I am hacked or anyone has already accessed. 

Shouldn't a user be concerned about this?

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.