I called T-Mobile about this but had trouble getting a straight answer to my question. I know it's a bit complex with the intrusion point coming from any possible number of locations, so I'm going to first ask the question that T-Mobile should be able to answer.
1. I have two sms messages in my Usage->Messaging that I never received on my phone. Is it possible to see where those went? Does that network know when it's talking to my phone and when it's talking to another phone? Does the network know what city those smses were sent to? The question I'm trying to answer is were those messages sent to my phone and auto-deleted by some virus or were they sent to another device and never made it to my phone?
At 8:40am Telegram sent me a login code via the Telegram desktop app.
At 8:44am Telegram informs me that someone has logged into my account.
I immediately go and revoke access and begin the process of setting up 2fa with a password.
At 8:45am Telegram sent me a login code via the Telegram desktop app.
At 8:46am Telegram sent me a login code via the Telegram desktop app.
Somewhere around this time I disable wifi on my phone and notice that my phone is not connecting to the mobile internet.
At 8:48am Telegram informs me that someone has logged into my account via ip address #1
At 8:48am Telegram informs me that someone has logged into my account via ip address #2
I revoke access.
I finish setting up 2fa.
I restart my phone and get 2 smses informing me that my MMS and WAP Service Settings have arrived. My assumption being that my phone shows up as a new phone on the network and gets sent these settings, but I'm not very familiar with how mobile networks work.
What I'm ultimately trying to clear up here is if T-Mobile was the intrusion point, if my phone has been hijacked or if they found another exploit. I called T-Mobile and they have no record of anyone else calling in, so that's out of the equation. But where did those smses go?