Someone ported my Xfinity Mobile number without my authorization. They then used my mobile number to change passwords on my PayPal and other accounts. I spent 2 hours on the phone with a nice Xfinity Mobile agent who really wanted to help me. She told me I needed to file a police report in order for them to get my number ported back, which I did. I was told the number would be ported back within 72 hours. 72 hours passed and the number was not ported, so I called again. Now I'm told there is no way to get the number ported back because the person transferred the number to Simple Mobile and put a PIN on the number. So there is no way to port the number out of Simple Mobile without that PIN, even with a police report.
So my next question was, why didn't my number have a PIN at Xfinity Mobile? I was told that Xfinity Mobile does not allow adding a PIN to your number and the PIN is 0000 for all numbers. So essentially, anyone who has your personal information can transfer your phone number out of Xfinity Mobile without your permission and without having to provide a PIN. I was told I could get a new phone number with Xfinity Mobile, but why would I do that if someone obviously has my personal information and obviously knows about this security flaw with Xfinity Mobile numbers?
My advice to anyone: do not use your Xfinity Phone number for anything important. Because they do not require a PIN or password to port out the number they can easily commit identity fraud by stealing your phone number and using it to take over your bank accounts.
I don't know. Makes me seriously wonder if there was an XM data breach. Or perhaps they somehow were able to access my XM account. I've since changed my password and added 2 factor authentication. But every other mobile company has the added security of a PIN to prevent unauthorized porting.
The exact same thing happened to me. 2-factor authentication won't protect you because that only stops someone from accessing your Xfinity online account, but they can still port out your number tomorrow. Your account number doesn't change so you still have no security protection with Xfinity Mobile.
I was concerned about this, but when I looked into it today (10/7/2019) it appears that perhaps the procedure has changed. It appears that they now generate a unique PIN on-the-fly.
"If you are transferring your phone number, your new carrier will ask you for a PIN. For your security, Xfinity Mobile generates a unique security PIN upon request.
Below, select the active line where we can send an SMS with your security PIN. The same security PIN can be used to transfer any number on your account. It will expire in five days."
So, if you can keep your XM account secure (and don't lose your phone), does this mean your phone number is safe?
Thanks for this new information.
You must go to the device page on the XM mobile web App. It is currently not available within the XM Apple iPhone App.