So just wondering, if someone SIM swaps me:
-
how do they have my passwords? wouldn't they still need my password to log into things? Actually I just restarted my phone & none of my apps required a login. However I tend not to use apps & instead use browser versions of things. Everything I do on browser requires a manually entered password.
-
can they pull all the data off my phone even if I don't sync it to the cloud? I don't see how that should be possible. If not, what exactly have they accomplished other than to redirect my texts & phone calls?
SIM card is used primarily to identify and authenticate yourself with the cellular network. They don't really function to authenticate websites or apps, the device and/or app does that itself and you'd find that to work the same with the SIM removed and a wifi connection. I'd say perhaps they could get your stored contacts as there was a time when storing contacts there was a thing, but I don't think any modern devices even use that anymore.
Pulling data off phone with a SIM is a no-go, even if you'd put it in a cloud the SIM would be part of the phone carrier, you'd need some really weird coincidence like the person that swapped your SIM to happen to be in the right position at the phone company to capture the data, which would still be encrypted most likely and useless to them, and someone in that position wouldn't need to swap your SIM for it anyway.
Really the biggest risk I can think of if someone swapped your SIM is use of your previous SIM to impersonate you via texts and calls from a different device using your number. I presume whatever SIM yours was replaced with doesn't work or uses a different number than you're supposed to have? The main risk to data already on your phone would have been whatever they did when they had physical access to your phone.