T-Mobile cyberattack ending in breach due to SIM swapping attacks

Data breaches affected T-Mobile customers yet again

T-Mobile suffers another data breachT-Mobile informs customers about breach without any details

T-Mobile confirmed a new data breach that resulted in notifications sent to affected people. The customers fell victim to the cyber attack because of the SIM swap attack.[1] This incident comes after the previous data breach in August.[2] Attackers accessed customer accounts this time, according to the post by T-Mobile.[3]

The company took to Twitter to inform about immediate steps they were taking. T-Mobile states trying to protect individuals who may be at risk but refrains from any other comments. So it is not clear if this unauthorized activity is related to viewing customer proprietary network information or an active SIM hijacking attack, or both and what malicious actor this is possibly related.

We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.

The SIM swapping can allow the two-factor authentication bypass and other issues, so issues might not end here. This is a common issue and tactic used by attackers. The particular issue was corrected by the company with in-place safeguards and protective measures. No particular details were further released by the officials.

SIM swapping allows attackers to take control

The method that these attackers managed to access customer data is called SIM swapping or SIM hijacking.[4] This technique also provides the opportunity for malicious attackers to take control of the mobile phone number. It can lead to tricking it bribing particular carrier's employees to reassign the number to criminals-controlled cards.

Threat actors use these techniques and control the phone numbers belonging to victims. Bypassing the SMS-based authentication allows hackers to access and steal credentials, log into other accounts. Accessing the control of bank accounts can lead to stolen money or hijacking the online profiles, altering passwords, and changing login information keeping users away from their accounts and money.

The control takeover can result in major issues, so people should be aware of the suspicious text messages, emails, from T-Mobile. Hackers can present to send information regarding the incident and include possibly malicious links or redirect people to direct redirect-stealing services.

The list of T-Mobile data breaches in 2021 alone

In 2018, T-Moile suffered an attack that resulted in millions of customers whose data was accessed by hackers. Prepaid customers' data got accessed in 2019. Two security incidents were reported in a later year when attackers accessed email accounts of employees and when hackers exposed phone numbers and call records of users. However, 2021 was a different year.

As this year comes to an end, this security issue with SIM swapping is a third breach of this year alone. The February of 2021 started with the news about the new threat actors target – hundreds of users of T-Mobile.[5] The attack also relied on SIM swapping, and hackers managed to get access to an internal T-Mobile application.

The latest breach in August was the incident when threat actors managed to brute-force their way through the T-Mobile network when the access was gained to testing environments. The SIM hijacking attacks' popularity resulted in an increase in the number of such incidents targeting particular cryptocurrency investors. Security your personal information on mobile devices and keeping your personal details secure online can be serious and need to be taken seriously.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions