In a financial filing on Thursday, T-Mobile revealed that a hacker accessed a trove of personal data belonging to 37 million customers.
The telecom giant said that the “bad actor” started stealing the data, which includes “name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features,” since November 25.
In the SEC filing, T-Mobile said it detected the breach more than a month later, on January 5, and that within a day it had fixed the problem that the hacker was exploiting.
The hackers, according to T-Mobile, didn’t breach any company system but rather abused an application programming interface, or API.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network,” the company wrote.
This is the eighth time T-Mobile was hacked since 2018. The most recent incident was in 2022, when a group of hackers known as Lapsus$ were able to gain access to the company’s internal tools, which gave them the chance to carry out so-called SIM swaps, a type of hack where hackers take over a victim’s phone number and then try to leverage that to reset and access the target’s sensitive accounts such as email or cryptocurrency wallets.
T-Mobile has 110 million U.S. customers. A spokesperson for T-Mobile did not respond to a request for comment.
https://techcrunch.com/
WhatsApp is rolling out a picture-in-picture feature for its iOS app with its latest update. This allows users to access WhatsApp or other apps without shutting out the video feed on the call. The company rolled out this feature with the 23.3.77 version of its iOS app. Until now, if you switched to another app […]
SC Media UK has collected predictions across a range of categories from cybersecurity experts. Here we give you the roundup… What might 2023 bring in term of cyber? Our experts found consensus on a few areas. First, boardroom metrics will become more important as senior execs demand transparency through quantified insights on the company’s security posture. […]
On January 1, a technologist who goes by the nickname regexer received an email saying he had successfully reset his account at the crypto exchange Coinbase. Unfortunately — and worryingly — he had actually not requested a password reset. Regexer, who asked to be referred to by his online moniker for fear of being targeted […]
Leave a Reply