T-Mobile Hacked for the Eighth Time Recently

T-Mobile recently admitted yet another data breach. This time it compromised 37 million customers.

The attack used – or abused – one of T-Mobile’s APIs. Dedicated readers probably remember that I warned about the abuse of APIs last week. It is a growing problem because companies are not paying enough attention to API security.

The good news is that the data stolen is of the less sensitive variety – name, address, email, phone, birth date, T-Mobile account info, plan features, etc., although not all customers had all of the data compromised.

T-Mobile is notifying customers, so if you are a customer, expect to get a notice.

But here is another thought for T-Mobile customers. How many breaches does it take for people to leave? People tend to avoid pain and changing phone carriers, even if you keep your number, is painful.

In 2019, it was prepaid phone customers.

In 2020 it was employee data.

Also in 2020, hackers stole phone numbers and call detail records.

In 2021, they accessed an internal application that allowed them to hijack customers’ accounts.

Later in 2021, hackers brute-forced their way into the company’s network. In this attack, T-Mobile paid off the hackers a quarter million dollars hoping they would not leak the data. That part did not work either.

And, last year, the Lapsus$ extortion firm broke into T-Mobile’s network using stolen credentials. In this case, they were not interested in your credit card, but rather operational data about how to compromise the T-Mobile network’s operations. That probably would fetch a high price on the dark web from state actors.

But still, T-Mobile has lots of customers. In fact it experienced record growth in 2022. Maybe that is the source of the problem. In any case, it doesn’t seem to be hurting their growth.

How many breaches would it take you to leave your current cell provider?

Credit: Bleeping Computer

by