(no title)

Employees are able to override the pin entering requirement. There is absolutely nothing you can do to stop this from happening if you happen to get targeted. (Speaking from experience)

AT&T employees on the inside were in on the scam. There's more details in this other article:

https://www.foxla.com/news/fox-11-tracks-down-verizon-employ...

It’s better than nothing that AT&T finally allows pins at all, but one thing that’s insane about it is every time you log in on the web there’s a checkbox to never ask for your pin again. It’s exactly where you’d expect a checkbox for something like “remember me”, except it opens up a huge security hole in your account if you accidentally check it.

Pins obviously have other issues that make no sense, like the incredibly low complexity allowed that would never be acceptable for a password. But even aside from that I guess AT&T also want everyone to turn their pin off? I hope they do lose a lawsuit and actually have to start giving a shit about pin swapping and make things more secure by default.

When i upgraded my phone, I had to get a new (micro?) sim and they didn't even ask for my ID or the old sim.

Exactly. I have a pin on my account after identity thieves opened a bunch of AT&T and Verizon accounts under my name (thanks Equifax!). Since this happened I’ve been in the AT&T stores when I bought an unlocked phone on two occasions. The employees at the store weren’t able to do a thing until I spoke with a special call center on the phone and did verifications.

One time there was something wrong on their end and no one could do anything until the system to verify my pin was back up.

Would that have helped if there was an insider (AT&T supervisor) authorizing the transfer?

i.e. can a supervisor override lack of a PIN?

Pin is last 4 of social which isn’t hard to get.