On Thursday, T-Mobile declared that a hacker was successful in infiltrating the private data of 37 million consumer accounts. This illicit access revealed sensitive information for all involved parties and is an unsettling breach of security.
On November 25, a malicious “bad actor” commenced pilfering information from the telecom giant, which includes names and addresses of customers, their emails, phone numbers, birthdates as well as T-Mobile account numbers with details about a number of lines associated with each one and its plan features.
According to a T-Mobile SEC filing, the breach was found on January 5 and promptly solved within 24 hours. The hacker had been taking advantage of an exposed vulnerability that was quickly closed off once detected.
According to T-Mobile, the hackers did not breach any of their systems directly but rather took advantage of an application programming interface (API).
The company declared-
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”
The T-Mobile network has been the victim of a staggering eight cyberattacks since 2018, with the most recent one conducted by Lapsus$ in 2022. This malicious group was able to use their access to internal tools and carry out SIM swaps, which allowed them to take over victims’ phone numbers and potentially gain entry into sensitive accounts such as email or cryptocurrency wallets.
In light of this security breach, T-Mobile has recommended that all customers take precautionary measures to protect their data. It has also set up a dedicated number for anyone with questions about the incident.
Shivendra Tiwari is an Engineer and an MBA in Marketing. He is the Content head at Marketing91 and a thorough Online Marketing enthusiast. Shivendra loves to follow different brands and study their Business and Marketing tactics.