T-Mobile hacked: personal data of 2 million users exposed

No financial data was affected by the T-Mobile hack

The telecommunications firm T-Mobile announced that hackers may have accessed personal data of 2 million customers

The telecommunications giant T-Mobile US announced^[1] that hackers might have accessed personal data of 2 million customers. The information stolen included names, email addresses, billing zip codes, phone numbers, account numbers and the account type while no financial data, passwords or social security numbers were exposed.

The incident occurred on the 20th of August, and the company's cybersecurity experts managed to shut down the attack almost immediately after detection. T-Mobile began the investigation and also contacted the relevant authorities.

The company reported that it sent out emails, text messages and letters to those who are affected. T-Mobile apologized for the inconvenience in their published statement:

We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access. We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.

The breach affected a bit less than three percent out of T-Mobile's 77 million users.

The unauthorized access occurred via the API

There is not much information being published by the telecommunications firm yet, as the breach investigation is still on-going. The IT team detected the unauthorized access in the early morning of August 20th and shut down the intrusion “very fast,” according to the spokeswoman of T-Mobile.

According to the announcement, the unidentified hackers were a part of “an international group.” The company is still speculating on whether or not the breach was conducted by criminals or other institution.

Hackers managed to access the personal information of T-Mobile customers via the API that did not contain any financial or other sensitive data. However, details like name, email, address and similar might be used for credential stuffing,^[2] bringing more concerns.

Several other high-profile organizations have been recently hacked and users' data exposed

T-Mobile immediately contacted customers who are believed to be affected by the data breach. The text messages included the following information:

T-Mobile MSG: Hello – We ID'ed & shut down and unauthorized capture of your info. No financial info/SSN taken but some personal info may have been. More: t-mo.co/security

According to the company, not all users might get the message straight away. However, those who do receive the notification should contact T-Mobile's customer service via 611 telephone number.

Hackers are continually employing new techniques and tricks to harvest the valuable data of high-profile organizations. Several other companies were affected by the similar data security issues. UK's largest phone retailer Carphone Warehouse lost details of 5.9 million payment cards,^[3] while the ticketing platform Ticketfly was hit by a hack that exposed data of 26 million records and took down the official website for a week.^[4]

In the modern times of digital data and information sharing, nobody is fully protected by a data breach. To protect users, companies and organizations need to invest in cybersecurity and do everything to prevent the future hacks.^[5]