The other day I was at a T-Mobile hotspot. I used to have an account, but couldn’t remember it. I have various standard usernames and did a password recovery on one. I was prompted for my city of birth, which I entered and I was allowed in. It turns out that the person who owned the account had two things in common with me, Username and city of birth.
I quickly noticed that I had logged into the wrong account when T-Mobile logged me in and said “Welcome SomebodyElsesName”. I looked at the contact info, logged into Gmail and wrote an e-mail to the owner of the account to let him know his new password and that the whole thing was an accident. He was very understanding and thanked me for behaving this way.
Just thought I’d bring some attention to this problem. As more of us go on-line, this is something that is going to happen more often as time goes by unless companies wise up and require some form of verification before allowing password recovery. If T-Mobile logged me in for 30 minutes and made me confirm by entering a code sent to my e-mail account, this wouldn’t be such a serious problem.
Leave a Reply