T-Mobile has announced the company's second big breach in less than two years, revealing that a hackers obtained user data from 37 million accounts, including names, birth dates, and phone numbers. In a regulatory statement on Thursday, the telecom giant stated that it presently thinks the attacker initially accessed data using one of its APIs around November 25th, 2022.
T-Mobile claims that malicious activity was discovered on January 5th and that the attacker had access to the compromised API for more than a month. The business claims to have tracked down the source of the malicious activity and corrected the API attack within a day of its discovery. According to T-Mobile, the hacker's API did not permit access to data containing social security numbers, credit card information, government ID numbers, passwords, PINs, or financial information.
T-Mobile omitted in a public news statement disclosing the hack that it affected 37 million accounts and had gone unnoticed for more than a month. Instead, the statement stated that the corporation "took it down within 24 hours" after its teams spotted the problem. T-Mobile has begun notifying customers whose information may have been compromised as a result of the incident.
Since 2018, T-Mobile has acknowledged eight intrusions, with earlier breaches revealing customer call records in January 2021, credit application data in August 2021, and a "unknown actor" obtaining user information and performing SIM-swapping operations in December 2021. After obtaining employee credentials online, the hacker organization Lapsus$ got T-Mobile's source code in April of last year. |
0 Comments