Wireless network operator T-Mobile has suffered yet another data breach.
According to a notice filed with the U.S. Securities and Exchange Commission (SEC), on January 5, 2023, T-Mobile discovered that hackers exploited a vulnerability in the company’s API to steal data.
A preliminary investigation by T-Mobile found that the hackers had stolen the details of “currently approximately 37 million postpaid and prepaid customer accounts.”
sign up for newsletterSecurity news, advice and tips.
Although the API did not allow access to customer social security numbers, passwords, payment card details, and other financial account information, many customers were found to have exposed the following details:
- name
- Billing Address
- telephone number
- Birthday
- T-Mobile account number
- Information such as the number of lines in your account and plan features
So, the good news is that your payment information has not been stolen. teeth Just being in the hands of hackers now is enough to trick unwary T-Mobile customers.
Scammers use information stolen from T-Mobile to send convincing phishing messages, presumably masquerading as legitimate communications from carriers, to trick unwary recipients into more sensitive information It’s not at all surprising that you want to share a .
According to T-Mobile, the attackers first exploited the affected API around November 25, 2022. This means the attacker could have collected data about her T-Mobile customers for a month or more before he became aware of the unauthorized access.
T-Mobile says it has notified affected customers of the data breach and has notified federal authorities and law enforcement.
We’ve finally counted the number of times T-Mobile has suffered a data breach. Below are some of the incidents I know of.
August 2021 – T-Mobile warns cybercriminals have accessed customer names, driver’s license details, government-issued ID numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs, addresses and phone numbers Did.
The confirmation from T-Mobile comes days after the hackers put up for sale data related to what they claimed were 100 million T-Mobile users on an underground forum.
January 2021 – Hackers could, in T-Mobile’s words, “include phone numbers, number of lines registered to the account, and possibly call-related information collected as part of normal operations. We were able to access potentially sensitive customer account information for wireless services.”
March 2020 – T-Mobile reveals hackers broke into employee email accounts and stole customer account information.
November 2019 – T-Mobile has identified more than 1 million prepaid customers affected by a breach in which hackers accessed names, phone numbers, billing addresses, T-Mobile account numbers, and rate and plan details. bottom.
August 2018 – Hackers stole the details of 2 million T-Mobile customers.
In 2021, T-Mobile launched a “several multi-year investment to strengthen, working with leading external cybersecurity experts. [its] Cybersecurity Capabilities and Transformation [its] Approach to cyber security. “
The company says it has “made great strides to date and protects.” [its] Customer data remains our top priority. “
It’s all pretty depressing, right? Here’s a photo of the T-Mobile store in Times Square.
Did you find this article interesting? Follow Graham Cluley on Twitter Or you can read more exclusive content we post on Mastodon.
