This morning, I launched the DirecTV app on my iPhone (connected to my home network via wifi).
On launch, I saw a login screen that looked slightly different than usual; the app had been updated recently, so I assumed it was the new login screen. But when I entered my user name and password (on the first attempt), I saw the screen to the right…
At this point, alarm bells went off. Not just because it was my first attempted login, but also due to the grammar of that last sentence:
“Please, contact AT&T operator.”
That’s wrong in many ways—and there’s no provided method for contacting an AT&T operator. I now believed I had been scammed: Somehow, a fake login page was injected where the app would normally display its login screen. As soon as I pressed Enter after entering my password, I’m sure my username and password were sent off to some server somewhere.
I immediately opened the DirecTV web site on my Mac, logged in (using my supposedly-locked account and current password), and changed my password. That all worked, and I received the email stating I’d changed my password, so I’m pretty sure my account is fine. (And I use unique passwords for each service, so the one that was probably compromised is useless to the hackers.)
But the bigger question here is what happened and how did it happen?