T-Mobile hacked to steal data of 37 million accounts in API data breach

by | Jan 20, 2023 | News

t-mobile hacked data breach api

Post Views: 649

Premium Content

Patreon

Subscribe to Patreon to watch this episode.

Reading Time: 3 Minutes

T-Mobile data breach

T-Mobile recently announced a data breach in which a hacker stole the personal information of 37 million current postpaid and prepaid customer accounts through one of the company’s Application Programming Interfaces (APIs)

The mobile carrier detected the malicious activity on January 5, 2023 and cut off the hacker’s access to the API the following day.

See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses

Customer account data exposed

The company stated that the API that was exploited did not provide access to sensitive information such as social security numbers, driver’s licenses, or financial account information.
Instead, the hacker was able to access a limited set of customer account data, including name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features.

T-Mobile is working with law enforcement to investigate the breach and has reported the incident to U.S federal agencies.

Trending: Common and Uncommon types of SQL Injection

Trending: Offensive Security Tool: Freeze

8th data breach since 2018

This is the eighth data breach T-Mobile has suffered since 2018.

The mobile carrier has suffered seven other data breaches since 2018, including one where attackers gained access to the data of roughly 3% of all T-Mobile customers.

In 2019, T-Mobile exposed prepaid customers’ data. Unknown threat actors also accessed T-Mobile employees’ email accounts in March 2020.

In December 2020, unknown threat actors also gained access to customer proprietary network information (phone numbers, call records), and in February 2021, attackers accessed an internal T-Mobile application without authorization. In August 2021, hackers brute-forced their way through T-Mobile’s network after a breach of the carrier’s testing environments.

The company also confirmed in April 2022 that the Lapsus$ extortion gang had breached its network using stolen credentials.

Trending: Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This