• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

T-Mobile Notifies Its Customers of A Security Breach

September 19, 2018 By Trevor Collins

T-Mobile is having a rough year. Back in May, security researchers discovered an open API that could allow attackers to siphon off sensitive customer information. Now, just a few weeks ago, T-Mobile disclosed that that on August 20th their security team found unauthorized users retrieving data from T-Mobile servers. At this time, they believe over 2 million accounts were compromised. MetroPCS, a subsidiary of T-Mobile, was affected as well. Since this is a developing story it’s possible that the full extent of this breach hasn’t been discovered.

At first T-Mobile made it clear that no financial data (including credit card numbers), social security numbers, or passwords were compromised. Only names, addresses, emails, and phone numbers were captured. However, T-Mobile later said the “encrypted passwords” were stolen. When asked why they didn’t explain this earlier a spokesman for T-Mobile said it was because the clear text passwords were not compromised. Researchers who have investigated the encrypted passwords have said they are simple MD5 hashes that can be easily broken. Also, if you were the victim of a previous breach your phone number can be used to aggregate your information between this breach and the previous one.

No information on how the breach was made or discovered was released. A Reddit user, who has been verified as a T-Mobile employee by Reddit, said, “Any account that still had not added a pin was affected.”

Users on the same post were also saying they had previously set up a pin. Perhaps only users who have not set up a pin (or if the hackers were able to get the users pin/SSN) were affected. If true, we can glean a little more into what happened during the breach and how the servers were compromised.

This breach is probably going to cause an increase in unauthorized phone porting, where a user’s phone number gets transferred to another phone without authorization. If you have a T-Mobile account I recommend changing your password. T-Mobile does offer SMS 2-factor authentication. While SMS 2FA is not the best, until a token-based 2FA is set up I recommend using this SMS method to further secure your account.

For more information on this breach, see T-Mobile’s page for affected customers here.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Infosec news

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Cybersecurity’s Toll on Mental Health
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use