T-Mobile Discloses Recent Security Breach Impacting 2M Customers, No Financial Data Compromised

Friday August 24, 2018 5:59 AM PDT by Mitchel Broussard

T-Mobile and its subsidiary MetroPCS today disclosed a recent incident where hackers gained "unauthorized access to certain information" of its customers, which the companies have already reported to the police and shut down. The security breach occurred earlier this week on Monday, August 20, and affected two million customers (via Motherboard).


T-Mobile promises that no financial data, credit card information, social security numbers, or passwords were compromised in the breach. However, "some of your personal information may have been exposed," the company states in the letter shared online, including one or more of the following: name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid).

A T-Mobile spokesperson says that the security breach affected "slightly less than" three percent of its 77 million customers, but did not reference a specific number. The incident reportedly happened "early in the morning" on August 20, and was perpetrated by hackers part of "an international group" that accessed T-Mobile servers through an API that "didn't contain any financial data or other very sensitive data."

The intrusion was discovered by T-Mobile's cybersecurity team the same day:

“We found it quickly and shut it down very fast,” the spokesperson said.

The spokesperson said she couldn’t give “specifics” of the attack and did not know whether the hackers were criminals or part of a government.

T-Mobile is reaching out to victims directly via text message to notify them, she said.

T-Mobile is now reaching out to notify all affected customers, and "if you don't receive a notification then that means your account was not among those impacted by this incident." The breach occurred less than a week after T-Mobile announced its new customer service initiative "Team of Experts."

Top Rated Comments

(View all)
Avatar
21 months ago

Here’s a great idea, stop centralizing databases.

Decentralize the customer information so they have direct access.

That wau when a hacker comes around, it’s not just one or two targets with MILLIONS of person info, instead they would need to target one person at a time

Not being a physical asset this would not apply. If you can see the records from a single machine it does not matter where they are stored. It would not make sense to have multiple systems for customer data, the agents alone would take a lot of time trying to find the user. So, option two is better management of access.
Score: 3 Votes (Like | Disagree)
Avatar
21 months ago

Here’s a great idea, stop centralizing databases.

Decentralize the customer information so they have direct access.

That wau when a hacker comes around, it’s not just one or two targets with MILLIONS of person info, instead they would need to target one person at a time

There's no solution that's hacker-proof. A script can be written to pull the data of one customer and re-run a million times automatically to pull the data of all the others.
Score: 2 Votes (Like | Disagree)
Avatar
21 months ago
Yeah, I got a text message yesterday saying my info was compromised.

I hope whoever steals my identity enjoys the student loan debt!
Score: 2 Votes (Like | Disagree)
Avatar
21 months ago
Beware that this is the perfect situation whereby you are the target of "spear phishing"

Here is how that would work:
[LIST=1]
* The news are out that T-Mobile servers have been compromised, and that a small fraction of subscribers will receive an email warning them that they may have been the target.
* You receive such email. The email appears to be authentic; but it is not and yet it appears crafted by T-Mobile Customer Service.
* It includes within the email body an embedded URL requesting you, the recipient, to click and login onto your T-Mobile account, and "change your password".
* The URL is fake, and points to hackers' backend servers.
* Unaware, you click and "login" with your login credentials.
* Presto, your credentials are now on the wild, and you have given the hackers a free pass to your T-Mobiel account, and posible financial information.

So beware.
Never click on embedded URLs within the body of emails.
Score: 1 Votes (Like | Disagree)
Avatar
21 months ago
Here’s a great idea, stop centralizing databases.

Decentralize the customer information so they have direct access.

That wau when a hacker comes around, it’s not just one or two targets with MILLIONS of person info, instead they would need to target one person at a time
Score: 1 Votes (Like | Disagree)

Top Stories

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...

Seemingly Unreleased Version of Logic Pro X With Live Loops Appears on Apple's Education Site [Updated]

Sunday March 29, 2020 7:23 am PDT by Hartley Charlton
Update: Apple has replaced the Logic Pro X image with an older version. Original story follows. A seemingly unreleased version of Logic Pro X has appeared on Apple's education site, as spotted by a Reddit user. The image from Apple's education products page shows a 16-inch MacBook Pro running Logic Pro X, but with a familiar interface that looks extremely similar to GarageBand's Live Loops ...

Bloomberg: Apple's 5G iPhone Still on Schedule for Fall Launch, But Future Products Could Be Delayed

Monday March 30, 2020 2:40 am PDT by Tim Hardwick
Apple's 5G iPhone is still on track to launch within the company's typical annual fall release schedule, according to a new Bloomberg report on filed on Monday. Signs are that Apple's Chinese-centric manufacturing -- of which Hon Hai is the linchpin -- is slowly getting back on track. The next iPhones with 5G wireless capabilities remain on schedule to launch in the fall, partly because mass...

Case for Upcoming Low-Cost iPhone Shows Up at Best Buy With Alleged April 5 Stock Date

Monday March 30, 2020 4:25 pm PDT by Juli Clover
Apple has a new low-cost iPhone in the works, which is supposed to be launching sometime in the first half of 2020. Given the ongoing situation in the United States and other countries, it's been unclear if the device is going to launch within the planned timeline, but there are signs that it could be coming soon. We started seeing cases for the new low-cost iPhone back in early February,...

Testing Brydge's New Pro+ Keyboard With Trackpad for iPad Pro

Monday March 30, 2020 2:04 pm PDT by Juli Clover
Well ahead of when Apple introduced trackpad support in iOS 13.4, Brydge announced an iPad Pro keyboard with a built-in multi-touch trackpad. We have one of Brydge's new Pro+ keyboards on hand, and thought we'd check it out to see how it works with Apple's new 2020 iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. The Brydge Pro+ keyboard is similar in design to...

Apple's Work on New Upcoming Products Progressing Normally as Employees Adjust to Telecommuting

Monday March 30, 2020 11:58 am PDT by Juli Clover
Apple's development of upcoming products is progressing as usual despite the fact that Apple employees around the world are working from home, according to a new report today out from Bloomberg. Apple is still working on new versions of the HomePod, Apple TV, MacBook Pro, budget iPads, Apple Watch, iPhone, and iMac, all of which could be released "as early as later this year" and have been...

Apple Releases ProRes RAW Beta for Windows

Monday March 30, 2020 9:33 am PDT by Juli Clover
Apple today released ProRes RAW for Windows in a beta capacity (via Mark Gurman), with the software designed to allow ProRes RAW and ProRes RAW HQ video files to be watched in compatible applications on Windows machines. According to Apple, the software will let the files be played within several Adobe apps: Adobe After Effects (Beta) Adobe Media Encocder (Beta) Adobe Premiere...

2020 iPad Pro Teardown Provides Closer Look at LiDAR Scanner and Confirms Incremental Update

Saturday March 28, 2020 9:56 am PDT by Hartley Charlton
iFixit today shared a video teardown of the new iPad Pro, which Apple unveiled earlier this month. iFixit found that most of the internals of the 2020 iPad Pro are the same as the 2018 model, confirming that the device is a relatively incremental update. The most notable new feature seen inside the new iPad Pro was the LiDAR scanner, which measures the distance to surrounding objects up...

Apple Configurator 2 Updated With New Features, Including Support for Restoring Firmware on 2019 Mac Pro

Tuesday March 31, 2020 5:34 am PDT by Joe Rossignol
Apple Configurator 2 has been updated to version 2.12 with several improvements, including support for restoring firmware on the 2019 Mac Pro. The release notes:• Added support for restoring firmware on the 2019 Mac Pro • Allow access to websites using TLS 1.0 and 1.1 • VPN: Configure Provider Designated Requirement for Custom SSL connection type • VPN: Configure network options for ...

U.S. Government Using Mobile Ad Location Data to Track Compliance With Curbs on Movement

Monday March 30, 2020 4:48 am PDT by Tim Hardwick
The U.S. government is using smartphone location data from the mobile ad industry to track people's movements amid the coronavirus outbreak, according to a Wall Street Journal report. Local governments and the Centers for Disease Control and Prevention have received the anonymized data about people in areas of "geographic interest," with the aim being to create a portal of geolocation...