First, thanks to all who offered condolences and advice last night. Much appreciated!

Briefly, someone hijacked my phone's SIM card. They went into a T-Mobile store and, according to T-Mobile, showed ID and got a new SIM card for my number for their own device. They then got into my email and changed passwords on several of my accounts. Since I had SMS 2FA on my T-Mobile account and the others, when they accessed the accounts and then changed the passwords, the SMS notifications went to their phone. This took them a total of only 5 minutes, after which T-Mobile says that they switched SIM cards back so that I again had service and received notifications. I was alerted to this by the T-Mobile SMS that I had changed my SIM card (the notification of the change back to my own SIM card).

Fortunately, for the two accounts which were most important, I had set up Google Authenticator. Though the bad guys were able to change my passwords, they were unable to get past the Authenticator codes and so were unable to empty the accounts. I still don't have access to one of those, but support has let me know that it was Google Authenticator that stopped them, and that the funds are safe. I feel relieved today.

Thanks also to those who shared the article and podcast. Though I was aware of the SIM porting scheme (that was why I set up my T-Mobile account to require in-person only account changes) I had no idea how easy it is for those with bad intentions to gain access to all sorts of accounts and information. This was a wakeup call for me. Thankfully it turned out okay, and hopefully some of you can prevent happening to yourselves what happened to me, or something even worse.