T-Mobile breach exposed personal data of almost 50 million people

Getty Images/iStockphoto

A cyberattack against T-Mobile has compromised the idiosyncratic accusation of astir 50 cardinal people, according to the carrier. In an update posted connected Tuesday, the institution said that definite lawsuit information had been accessed and stolen by unauthorized individuals and that the information did see immoderate idiosyncratic accusation for a wide scope of customers.

SEE: Security Awareness and Training policy (TechRepublic Premium)

The lawsuit information obtained successful the onslaught encompassed archetypal and past names, dates of birth, Social Security numbers (SSNs) and driver's license/ID numbers.

Those impacted by the breach see 7.8 cardinal existent T-Mobile postpaid customers and much than 40 cardinal erstwhile oregon imaginable customers who had applied for recognition with the company. Also exposed were the names, telephone numbers and relationship PINs of astir 850,000 progressive T-Mobile prepaid customers.

T-Mobile said that truthful acold there's nary denotation that immoderate lawsuit fiscal data, recognition paper details, debit oregon different outgo accusation person been compromised. The institution added that it recovered and closed the entree constituent that it believes the attacker utilized to summation entree to the lawsuit accounts but gave nary further details connected precisely however the incidental occurred oregon however its web was compromised.

At this point, the bearer has implemented the pursuing measures to effort to assistance affected customers:

• Two years of escaped individuality extortion services with McAfee's ID Theft Protection Service.
• Recommendation that each T-Mobile postpaid customers proactively alteration their PIN by signing into their relationship oregon calling the company's Customer Care halfway by dialing 611 connected your phone. T-Mobile said it's advocating this measurement adjacent though it isn't alert of immoderate postpaid relationship PINs being compromised.
• Offering Account Takeover Protection capabilities for postpaid customers, a diagnostic that makes it much hard for accounts to beryllium fraudulently stolen and used.
• A webpage with information to assistance customers instrumentality further steps to support themselves. The leafage suggests further actions for customers specified arsenic changing your relationship password, activating T-Mobile's Scam Shield connected your telephone and obtaining a escaped recognition report.

The breach came to airy earlier this week pursuing a study that T-Mobile was investigating an underground forum station from someone claiming to beryllium selling lawsuit information obtained from T-Mobile servers, according to tech quality tract Motherboard. The information up for merchantability included Social Security numbers, telephone numbers, names, carnal addresses, unsocial IMEI numbers and driver's licence numbers. Motherboard said it viewed samples of the information and confirmed that it contained details connected T-Mobile customers.

In an online chat, the seller told Motherboard that they had compromised aggregate T-Mobile servers. In the forum post, the seller was asking for six bitcoin (around $270,000) for a information of the information that contained 30 cardinal Social Security numbers and driver's licence numbers, with the remainder disposable for merchantability privately.

In a connection to Motherboard astatine the time, T-Mobile said: "We are alert of claims made successful an underground forum and person been actively investigating their validity. We bash not person immoderate further accusation to stock astatine this time."

Another idiosyncratic reportedly progressive successful the onslaught told Information Security Media Group (ISMG) that T-Mobile was compromised aft the bearer near a Gateway GPRS Support Node, oregon GGSN, misconfigured and exposed to the internet, reported Govinfosecurity.com. GGSNs are portion of a halfway web connecting mobile devices to the internet.

The idiosyncratic claimed that the attackers had entree to T-Mobile systems for 2 to 3 weeks earlier the bearer unopen them down. They besides said that the attackers moved to T-Mobile's LAN and past to the much than 100 mostly Oracle databases with idiosyncratic information.

"The attacker claims to person compromised an extremity of beingness GPRS strategy that was exposed to the net and was capable to pivot from it to the interior web wherever they were capable to motorboat a brute unit authentication onslaught against interior systems with nary complaint limiting, and I'm guessing nary alerting functions either," said Chris Clements, Cerberus Sentinel VP of solutions architecture. "Assuming this is true, past arsenic accustomed it isn't conscionable 1 mistake that leads to a monolithic compromise, but a drawstring of failures oregon lack of information controls that occur."

This is hardly the archetypal clip T-Mobile has been compromised. In fact, it's astatine slightest the 5th breach successful conscionable the past fewer years.

"The T-Mobile information breach proves that lightning surely tin onslaught twice--in fact, it tin onslaught arsenic galore arsenic 5 times--dating backmost to the company's data-scraping incidental successful 2018," said Keeper Security CTO & co-founder Craig Lurey. "Cyber experts person warned clip and clip again astir secondary attacks, and we're present starting to spot that the consequential attacks tin really beryllium overmuch much devastating than the first."

With this information seemingly up for merchantability by the attackers, imaginable buyers tin usage it to execute a assortment of crimes.

"Hackers tin usage the stolen SSNs to summation entree to existing slope accounts," said Accurics CISO Om Moolchandani. "Using the stolen identity, attackers tin perchance get their sanction added to the relationship oregon simply transportation money. While the magnitude of information stolen mightiness already beryllium extensive, criminals tin merge it with different accusation into a azygous database, expanding its worth connected the acheronian market. This besides increases the accidental of individuality theft and large fiscal issues for the T-Mobile customer."

Now the onus is connected T-Mobile to analyse the onslaught and instrumentality the indispensable steps to beef up its security, though the institution doesn't look to person learned capable of a acquisition from erstwhile information breaches. Further, the load is connected T-Mobile customers to support their accounts and information from further compromise.

"Affected customers request to instrumentality power of their accusation instantly and successful each mode possible," Lurey said. "First of all, alteration your passwords. The hackers are apt already connecting the dots to different platforms and services you log successful to--changing your passwords present tin enactment arsenic a obstruction to further entry."

Lurey besides advised utilizing a password manager to assistance power and alteration immoderate passwords that whitethorn person been exposed. Multi-factor authentication is different recommended measurement to forestall criminals from signing into your accounts. Finally, you whitethorn privation to pat into a Dark Web monitoring work to spot which of your accounts and accusation whitethorn beryllium up for sale.

Also see

• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)
• Shadow IT policy (TechRepublic Premium)
• Online information 101: Tips for protecting your privateness from hackers and spies (ZDNet)
• All the VPN presumption you request to know (CNET)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)