So… I recently called into AT&T to reset a password for an @sbcglobal.net email address, firstly I want to explain some things. It seems AT&T reps are able to reset passwords with crappy 6 character passwords only containing numbers and are authorized to give that password to someone over the phone.
What I really only needed to reset the password for this @sbcglobal.net email address…
- A valid account number, and name of account owner.
- An “I’m stupid” mentality.
- The ability to act confused.
- The email address you’d like the password to be reset on.
- The name of the person who owns the email account.
Really.. I’m serious.. That’s truly all I needed. It could have been the rep’s fault, and I do think she got pissed off and just thought I was some idiot who knew nothing about computers. She might have just gave in to get me off the phone. How the emails and account got setup was an utter mess though. So I genuinely was confused, and AT&T made me call in to perform the password reset.
So, I called up and was directed to a rep who eventually directed my call to the “technical support” department. After giving the lady with an attitude my client’s details (account # & name on the account) and explaining the situation. She asked me verification questions such as the “passcode” on the account. I was unable to answer the questions as I genuinely didn’t know what it was and neither did my client. I then asked if there was any other way I could verify. She then asked me one of the security questions, again, I didn’t know the answers. She seemed quite frustrated at that point. And it wasn’t just me playing dumb 😀 the person who setup the account didn’t pass down the details and a couple days ago that became a problem. After explaining the situation to her further, with interruptions from her, she angrily said she’s closing out the window because clearly this isn’t my account because I can’t verify my identity. She then asked what the email was where I’d like the password reset on. I told her the email and acted clueless at this point. She took a few minutes and asked me the name of the person who owns the account. She then told me to enter a URL where I could login. She gave me the temporary password. I entered it and was prompted to set a new password along with security questions. At that point I was thinking wtf.. But I was happy to have gotten in anyways.
I’m not sure if this is some big mistake by the rep or a hole in AT&T’s verification process. Nonetheless, it shows that I was able to get into an email account without any verification that I truly was the owner. I would stay FAR away from AT&T for this purpose along with their garbage “U-verse” internet.