It seems the wave of hacking attempts and data breaches is now spreading to the telecommunication sector. Reportedly, hackers targeted T-Mobile and managed to pilfer 2 million customer records. Apparently the breach did not affect any financial details, however, customers’ personal data was exposed.
T-Mobile Data Breach Exposed 2 Million Records
As disclosed on T-Mobile’s website, the company suffered a cyber attack on August 20, 2018, that resulted in a massive data breach. Reportedly, the T-Mobile data breach resulted in the exposure of around 2 million customers’ records. Though the attackers did not succeed in accessing any financial information, they still managed to steal personal details.
Company officials noticed “unauthorized access” to the data, which they quickly shut down the same day. As stated in T-Mobile’s notification,
“Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information. On August 20, our cyber-security team discovered and shut down an unauthorized access to certain information, including yours.”
The personal data supposedly accessed in this breach includes usernames, phone numbers, email addresses, billing zip codes, account numbers, and types of account (whether prepaid or postpaid). However, the firm assures that the breached data did not include financial details or Social Security numbers.
Although, the official notification on their website still states that passwords remained safe. Nonetheless, regarding the passwords, a company official says that some “encrypted passwords” were leaked. Regarding the encryption, Motherboard shared the hash with two different researchers, who identified it as MD5 hash.
“It may be an encoded string hashed with the notoriously weak algorithm called MD5, which can potentially be cracked with brute-forcing attacks.”
Motherboard obtained the hashed passwords from a security researcher Nicholas Ceraolo, who approached them after the news surfaced online. He got the data from a “mutual friend” of him and the alleged hacker.
T-Mobile USA CEO, John Legere, thus recommends the customers to change passwords.
it’s always a good idea to regularly change account passwords
— John Legere (@JohnLegere) August 24, 2018
T-Mobile Faced Recurrent Cybersecurity Issues
With regards to the recent data breach, T-Mobile mentions in their announcement that they have taken appropriate security measures after the incident to mitigate such events in the future. Accordingly, they also informed their customers alongside reporting to the relevant authorities about the matter.
“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access.”
Lets not to forget that it isn’t the first time for T-Mobile to suffer a cyber attack. Earlier this year, the company warned its customers of a potential phone hijacking campaign.