T mobile 55 plans, t mobile hacking news, did t mobile get hacked today, t mobile gets hacked, how was t mobile hacked, t mobile gettysburg pa, who hacked t mobile, t mobile get sim card, t mobile plans, t mobile hacked again, t mobile, t mobile get started.
T-Mobile has a cybersecurity problem and, once half a decade, still hasn't been able to get a cope on it.
The nation's second-largest wireless carrier disclosed in a regulatory filing late Thursday that data from 37 million of its customers was stolen in a breach. Security experts say that while the data wasn't actual sensitive, its compromise could put those people at high risk of populate scammed or otherwise targeted by cybercriminals.
Sound familiar? That's because T-Mobile was already distributing with the fallout from a 2021 data breach that compromised the personal demand of nearly 77 million people. T-Mobile agreed to a $500 million settlement in that case in July.
This marks just the another in a string of incidents going back to 2018, a huge stain on a company that once championed the "Un-carrier" electioneer of sticking up for consumers screwed by the wireless commerce. The sheer volume of incidents has experts questioning whether residual with the carrier puts you at risk.
"Five breaches in five years," celebrated Chester Wisniewski, field chief technology officer for applied research at confidence company Sophos. "People can decide for themselves if they want to stick with T-Mobile."
While both Verizon and AT&T have had to deal with data compromises in original years, they've been minimal compared with the problems T-Mobile has faced.
In T-Mobile's most original compromise, cybercriminals used a company API, or application programming interface, to make off with data tied to the customer moneys. APIs are commonly used features that allow the instant of data back and forth between different software applications.
The stolen data aboard customer names, billing addresses, email addresses, phone numbers, birth dates, T-Mobile account numbers and information on which plan features they have with the carrier and the number of sequence on their accounts.
T-Mobile declined on Friday to make an exclusive available for an interview or to comment beyond the statements it's already issued.
In its Thursday Securities and Exchange Commission filing and lifeless release, the company tried to downplay the value of what was stolen, noting that customers' financial information and their most confidential information, such as Social Security numbers, weren't compromised.
That's misleading, said Justin Fier, senior vice president for red team operations at the AI confidence company Darktrace.
"I would argue that we should not dumb that down," Fier said, adding that such a huge treasure trove of consumer profiles could be of use to everyone from nation-state hackers to criminal syndicates.
"There are dozens of ways that the demand that was stolen could be weaponized."
That includes SIM swapping attacks, where cybercriminals contact a wireless carrier and use stolen personal demand to pass themselves off as an account holder, then they ask that their requested number be transferred to a new SIM card. Doing that could give them entrance to not only the wireless number and account, but also any two-factor authentication codes that remarkable come to the phone via SMS.
That's why, Wisniewski said, it's significant that consumers, especially those compromised in the T-Mobile breach, not use SMS as a two-factor authentication method for bank, retirement, cryptocurrency and other critical online accounts.
In addition, all wireless customers necessity make sure that their accounts are secured with a PIN or passcode, which also can help stop SIM swaps, he said.
Meanwhile, Fier, who spent more than a decade working in counterterrorism afore joining Darktrace, said nation-state hackers could also use the data to connect the dots between republic for intelligence purposes.
For the more average person, there's a bigger possibility they'll be directed by scammers, possibly impersonating T-Mobile, either by phone or email. Armed with key tidbits of information like account numbers, those scammers will sound much more convincing, he said.
Taking all of that into elaborate, Fier, a T-Mobile customer himself, said he's not touching to lose a lot of sleep over the breach, or change carriers. He notes that there just isn't enough seek information from out there as of yet about exactly how the breach occurred, or whether T-Mobile is to blame.
The best sketch all consumers can do is tighten up their personal confidence by changing their passwords, enabling two-factor authentication whenever possible and taking up anxieties on their offers of free credit monitoring when breaches do happen.
Wisniewski was less charitable, saying that based on T-Mobile's track record over the past approximately years he'd never recommend them, but he noted that the novel wireless carriers aren't exactly perfect, either.
"None of these anxieties are saints," he said.
Source
