In a financial filing on Thursday, T-Mobile revealed that a hacker accessed a trove of personal data belonging to 37 million customers.
The telecom giant said that the “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25.
In the SEC filing, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting.
The hackers, according to T-Mobile, didn’t breach any company system but rather abused an application programming interface, or API.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote.
This is the eighth time T-Mobile was hacked since 2018. The most recent incident was in 2022, when a group of hackers known as Lapsus$ were able to gain access to the company’s internal tools, which gave them the chance to carry out so-called SIM swaps, a type of hack where hackers take over a victim’s phone number and then try to leverage that to reset and access the target’s sensitive accounts such as email or cryptocurrency wallets.
T-Mobile has 110 million U.S. customers. A spokesperson for T-Mobile did not respond to a request for comment.
https://techcrunch.com/
Ever since Elon Musk spent $44 billion on Twitter and laid off a large percentage of the company’s staff, there have been concerns about data breaches. Now it seems a security incident that predates Musk’s takeover is causing headaches. This week, it emerged that hackers released a trove of 200 million email addresses and their […]
Microsoft says a vulnerability it discovered in a core macOS security feature, Gatekeeper, could have allowed attackers to compromise vulnerable Macs with malware. The flaw, tracked as CVE-2022-42821, was first uncovered by Microsoft principal security researcher Jonathan Bar Or, and dubbed the “Achilles” vulnerability. Bar Or said the bug could allow malware to skirt Gatekeeper’s protections […]
as we all know, humans are often the weakest part of the security chain.” Those are the words of Reddit CTO Christopher Slowe, who was quick to play the blame game in a post announcing that Reddit experienced a breach of internal data last week. He explained that the platform was compromised after an attacker sent “plausible-sounding prompts” to employees […]
Leave a Reply