T-Mobile hacked to steal data of 37 million accounts in API data breach
Reading Time: 3 Minutes
T-Mobile data breach
T-Mobile recently announced a data breach in which a hacker stole the personal information of 37 million current postpaid and prepaid customer accounts through one of the company’s Application Programming Interfaces (APIs)
The mobile carrier detected the malicious activity on January 5, 2023 and cut off the hacker’s access to the API the following day.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
Customer account data exposed
The company stated that the API that was exploited did not provide access to sensitive information such as social security numbers, driver’s licenses, or financial account information.
Instead, the hacker was able to access a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features.
T-Mobile is working with law enforcement to investigate the breach and has reported the incident to U.S federal agencies.
Trending: Offensive Security Tool: Freeze
8th data breach since 2018
This is the eighth data breach T-Mobile has suffered since 2018.
The mobile carrier has suffered seven other data breaches since 2018, including one where attackers gained access to the data of roughly 3% of all T-Mobile customers.
In 2019, T-Mobile exposed prepaid customers’ data. Unknown threat actors also accessed T-Mobile employees’ email accounts in March 2020.
In December 2020, unknown threat actors also gained access to customer proprietary network information (phone numbers, call records), and in February 2021, attackers accessed an internal T-Mobile application without authorization. In August 2021, hackers brute-forced their way through T-Mobile’s network after a breach of the carrier’s testing environments.
The company also confirmed in April 2022 that the Lapsus$ extortion gang had breached its network using stolen credentials.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com
Recent News
New Ghost Tap Attack: The Next-Level Credit Card Scam Exploiting Apple Pay and Google Pay
Apple Rushes to Patch Two Zero-Day Exploits Targeting Intel-Based Macs
Chinese Hackers Exploit Zero-Day in FortiClient VPN with ‘DeepData’ Toolkit
Critical Flaw in Popular WordPress Plugin Puts Millions of Websites at Risk
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
