Why the t-mobile breach is a huge problem for two factor authentication

At this time, we were able to confirm that nearly 850,000 T-Mobile pre-paid customer names, phone numbers and account PINs were unmasked. We have identified additional 667,000 accounts of former T-Mobile customers who may have access to customer names and phone numbers with compromised addresses and birth dates. In a preliminary analysis, approximately 7.8 million of T-Mobile’s current postpaid customer account information appears to contain stolen data from our systems as well as approximately 40 million records of past and future customers who apply for credit with the company.

In August 2018, T-Mobile revealed a database breach that revealed the personal information of some 23 million customers. We reported that data files containing information about approximately 40 million former and future T-Mobile customers were compromised including the names and last names, birthdates, SSN and Driver’s License and ID information.

In December 2020, T-Mobile suffered a data breakdown in which an unknown threat scenario accessed customers “phone numbers and call records. A data breach notice sent to affected customers on February 9, 2021, filed by the company with the US Attorney General’s Office, revealed that an unknown attacker gained access to customer account information, including personal information such as personal identification numbers and PINs. The company also hit the headlines in January over a security incident in which confidential data on 0.2 per cent of its subscribers was leaked.

T-Mobile says it learned of the security incident last week and launched a full investigation, claiming to have closed access points to its servers. In a statement, the company said its preliminary analysis showed that 7.8 million current and postpaid T-Mobile customer information was involved in the data breach.

The exposed data included names, billing addresses, phone numbers, account numbers, tariffs, plans and other details, such as whether a person had subscribed to international calls, said T-Mobile. T-Mobiles confirmed that 7.8 million contract and postpaid customers had their data stolen, including the information disclosed on Thursday : first and last names, dates of birth, social security numbers, driving license numbers and phone numbers and IMEI data.

After the announcement of the T-Mobiles’ business results in the third quarter, the company has 84.2 million customers, which means that prepaid accounts breach could affect more than 1 million accounts. If the data breach affects more than 47 million records, T-Mobile could affect 78 million accounts for current customers and 40 million records for former or potential customers, it said. The potential number of people affected is huge but the company says that it represents less than half of the 105 million customers it currently reaches.

T-Mobile has confirmed details of a massive data breach, revealing that the personal data of over 47 million people is at risk. Over the years, there have been many data breaches by many companies but security experts say that much of the information uncovered by T-Mobile is available on the dark web. Given that this is not the first breach T-Mobile will face in 2021, the expected response will be critical.

T-Mobile has confirmed that millions of current and former customers had their data stolen in a data breach after reports of a hack over the weekend. The US telecommunications provider T-Mobile revealed the vulnerability, in which an unknown number of customers were affected by a SIM swap attack.

Cybercriminals could use the exposed personal information of affected T-Mobile customers to commit identity theft of their IMSI information through SIM swap attacks, in which an attacker takes a user’s phone number and intercepts two-factor authentication codes (2FA) and other data sent to their smartphone. SIM hijacking is a serious problem, where hackers trick mobile phone providers or customer services to gain control over your phone number that they can then use to do other nefarious things. In a SIM swap, a hacker can port your number onto their own device where they can intercept SMS-based two-factor authentication codes, making it easier to get into your online accounts.

A breach of a mobile operator leaves customers exposed to the same I / O theft risks as other companies, and cybersecurity experts suggest that stolen information that emerges from acquiring the T-Mobile customer account could be a method known as a SIM-swapping attack. A SIM swap attack is when someone tricks your mobile phone company into transferring your number to another device, which can then be used to break into the account to which you are tied with your number. While the company has not given a likely motive for the data breach or potential data theft, if this type of information is compromised, online criminals could exploit SIM-swapping attacks.

It is common for people to use their mobile number to verify their identity, for example when they login to their online banking account and want to reset their password.

Change the password you use for your mobile phone account. It is always a good idea to change your password for your T-Mobile account and all other accounts that are protected by the same password.

Using different passwords for each account is one of the basic principles of digital security. In addition to using a strong, unique password for each online account, it is wise to set up multi-factor authentication, also known as two-factor authentication. Change the PIN of your T-Mobile account: This way an attacker gets a phone representative to perform a further check when changing other service cards, but the PIN can also be used to activate 2-factor authentication (2FA or MFA): If you activate this security option, you will be prompted to add a second form of code at the time you log in.