I’ve now twice in 2024 had my account locked due to email compromise and another time had my password changed with 2FA bypassed.
My password strength has always been good and I’m just using an iPhone and laptop, only on my own wifi or just mobile data.
The password change happened while I was asleep, no 2FA text although it was switched on. I just got a text telling me my password was changed.
Since the last time and this I’ve only used BT email through the app on a fully iOS updated iPhone. No-one knows my password nor uses my phone.
I’m starting to think the BT email servers must be insecure. How can 2FA being bypassed be explained?
I think if you contact the Security team they will look into this for you. I am sure there will be an explanation for it.
I’ve called and spoken through it with no explanation provided. When I change my password the 2FA works but when someone else does it the 2FA doesn’t happen. I’ve found other posts on here saying the same. I’m no expert but my concern would be that the passwords are being changed on the server.