Wireless network operator T-Mobile has suffered yet another data breach.

according to news T-Mobile, filing with the U.S. Securities and Exchange Commission (SEC), discovered on January 5, 2023 that hackers exploited a vulnerability in the company’s API to steal data.

A preliminary investigation by T-Mobile found that the hackers had stolen the details of “currently approximately 37 million postpaid and prepaid customer accounts.”

e-mailsign up for newsletter
Security news, advice and tips.

Although the API did not allow access to customer social security numbers, passwords, payment card details, and other financial account information, many customers were found to have exposed the following details:

  • name
  • Billing Address
  • e-mail
  • telephone number
  • Birthday
  • T-Mobile account number
  • Information such as the number of lines in your account and plan features

So, the good news is that your payment information has not been stolen. teeth Just being in the hands of hackers now is enough to trick unwary T-Mobile customers.

Scammers use information stolen from T-Mobile to send convincing phishing messages, presumably disguised as legitimate communications from the carrier, to trick unwary recipients into more sensitive information It’s not at all surprising that you want to share a .

According to T-Mobile, the attackers first exploited the affected API around November 25, 2022. This means that the attacker could have collected data about her T-Mobile customers for over a month before he became aware of the unauthorized access.

T-Mobile said it has notified affected customers of the data breach and has notified federal authorities and law enforcement.

We’ve finally counted the number of times T-Mobile has suffered a data breach. Below are some of the incidents I know of.

August 2021 – T-Mobile warns cybercriminals have accessed customer names, driver’s license details, government-issued ID numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs, addresses and phone numbers Did.

The confirmation from T-Mobile comes days after the hackers put up for sale data related to what they claimed were 100 million T-Mobile users on an underground forum.

January 2021 – Hackers could, in T-Mobile’s words, “include phone numbers, number of lines registered to the account, and possibly call-related information collected as part of normal operations. We were able to access potentially sensitive customer account information for wireless services.”

March 2020 – What T-Mobile revealed Hackers broke into employee email accounts and stole customer account information.

November 2019 – T-Mobile 1 million prepaid customers affected by breach We saw the hackers gain access to their names, phone numbers, billing addresses, T-Mobile account numbers, and pricing and plan details.

August 2018 – Hackers stole the details of 2 million T-Mobile customers.

In 2021, T-Mobile launched a “several multi-year investment to strengthen, working with leading external cybersecurity experts. [its] Cybersecurity Capabilities and Transformation [its] Approach to cyber security. “

The company says it has “made great strides to date and protects.” [its] Customer data remains our top priority. “

It’s all pretty depressing, right? Here’s a photo of the T-Mobile store in Times Square.

T-Mobile in Times Square

Did you find this article interesting? Follow Graham Cluley on Twitter Also Mastodon To read more about the exclusive content we post.

Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he is an analyst, makes regular media appearances and gives international lectures on computer he security, hackers and online he privacy. Follow him on Twitter. @gcluleyfor Mastodon @[email protected]or drop him an email.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog