Photo by Soumil Kumar, Creative Commons license, at pexels.com: Person Typing on Computer Keyboard

T-Mobile Hacked

T-Mobile filed a report on January 19, 2023, with the United States Securities and Exchange Commission (SEC) reporting that they had identified a “bad actor” obtaining data through an insecure Application Programming Interface (API). The SEC is a government reporting agency to which all companies are required to make reports of network security breaches. A “bad actor” is anyone that accesses data on a company network without authorization, and an API is a programmable interface to allow for automated systems to access data within a network. An example of an API is the form you see on many websites that says, “Sign in with your Google account”.

On January 5, 2023, T-Mobile network engineers noticed unusual traffic on a particular API. They immediately began an investigation along with an external cybersecurity team and rapidly located the source of the security breach and sealed the gap. They are continuing their investigation to determine the extent of the customer data which was compromised. At this point they do not believe any sensitive customer information, like social security numbers, credit card numbers, or banking information, was collected. The data tied to customer accounts and finances was not put at risk by the event.

The compromised API was only able to access limited customer information including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features. The majority of this information can be used against T-Mobile much more than against their customers. The news on this, however, gets much worse. The “bad actor” had access to this information from around November 25, 2022, and accessed records of over 37 million T-Mobile customers. T-Mobile expects to incur significant expenses in connection with the incident.

This is the eighth time T-Mobile has been hacked since 2018. In the prior attack, a group known as Lapsus$ gained access to T-Mobile’s internal APIs, allowing them to do things like SIM swaps, which would allow the hacker to take over a customer’s phone number and leverage the phone to reset bank account login information, cryptocurrency accounts, etc. The recent attack was much less dangerous to the customer. However, there are some steps I would recommend taking if you are a T-Mobile customer.

First, you should call T-Mobile and ask that they modify any security questions they have set on your account. If they ask to verify your address, date of birth, or number of lines on the account in order to prove your identity, inform them that the recent hack potentially gave a hacker access to this information and you would like to set up a new method of personal identification with them. I know that U.S. Cellular uses a PIN number, just like banks, to identify me when I call. Force them to set up something new to identify you.

Second, if you receive a call from T-Mobile, do not verify any information; hang up the phone immediately and call T-Mobile directly. It is highly likely that a call from T-Mobile is actually a call from the hacker group trying to gain more information. In fact, this is good advice anytime you receive a call from a utility or service company. I always tell them I will call customer service directly and thank them for their time. There is always the risk that someone is pretending to be working for the company to gain information.

Third, you may consider changing providers, or at the very least request a new account number and possibly a new phone number in order to break the link between your account and current phone number, banking information and personal data. It is a risk to leave things alone when data about you has been stolen. T-Mobile customers impacted by the breach may be entitled to financial compensation as well.

Until next week, stay safe and learn something new.

Scott Hamilton is an Expert in Emerging Technologies at ATOS and can be reached with questions and comments via email to sh*******@te**********.org or through his website at https://www.techshepherd.org.
