T-Mobile has been hacked… again. 37 million customers’ data stolen • Graham Cluley



T-Mobile has been hacked... again. 37 million customers' data stolen

Wireless network operator T-Mobile has suffered another data breach.

According to a notice filed with the US Securities and Exchange Commission (SEC), T-Mobile discovered on 5 January 2023 that hackers had exploited a weakness in the company’s API to steal data.

T-Mobile’s preliminary investigation has found that the details of “approximately 37 million current postpaid and prepaid customer accounts” have been stolen by hackers.


Although the API didn’t grant access to customers’ Social Security numbers, passwords, payment card details, and other financial account information, it appears that many customers have had the following details exposed:

  • name
  • billing address
  • email
  • phone number
  • date of birth
  • T-Mobile account number
  • information such as the number of lines on the account and plan features

So, it’s good news that payment information has not been stolen, but the information that is now in the hands of hackers is certainly enough to scam unwary T-Mobile customers.

We shouldn’t be at all surprised if fraudsters use the information that they’ve stolen from T-Mobile to send convincing phishing messages, perhaps posing as official communications from the telecoms company, with the intention of tricking unwary recipients into sharing more sensitive information.

According to T-Mobile, the attackers first exploited the impacted API around November 25, 2022. That means that they may have been scooping up data about T-Mobile’s customers for over one month before their unauthorised access was noticed.

T-Mobile says it’s informing affected customers about the data breach, and has notified federal authorities and law enforcement.

I’ve lost count of how many times T-Mobile has been data breached – here are some of the incidents I know about:

August 2021 – T-Mobile warned that cybercriminals had accessed customers’ names, driver’s license details, government identification numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs, addresses and phone numbers.

The confirmation from T-Mobile came days after a hacker offered for sale on an underground forum data related to what they claimed were 100 million T-Mobile users.

January 2021 – Hackers managed to access customer account information which may, in T-Mobile’s words, “have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”

March 2020 – T-Mobile reveals that hackers broke into employees’ email accounts and stole customer account information.

November 2019 – T-Mobile confirmed that more than a million prepaid customers had been impacted by a breach which saw hackers access their names, phone numbers, billing addresses, T-Mobile account numbers, and details about rates and plans.

August 2018 – Hackers stole details of two million T-Mobile customers.


In 2021, T-Mobile “commenced a substantial multi-year investment working with leading external cybersecurity experts to enhance [its] cybersecurity capabilities and transform [its] approach to cybersecurity.”

The firm says that it has “made substantial progress to date, and protecting [its] customers’ data remains a top priority.”

It’s all rather depressing, isn’t it? Here’s a picture of T-Mobile’s store at Times Square to cheer you up.

T-Mobile at Times Square



Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.