T-Mobile hit with lawsuit for allegedly letting hackers port man’s phone number and take his cryptocurrency


Days after T-Mobile began sending texts to customers urging them to add port validation security to their accounts, news has come out that a man is suing T-Mobile over an issue related to porting.

Carlos Tapang is suing T-Mobile for allegedly allowing strangers to port his phone number and then steal his Bitcoin. Tapang claims that on November 7, 2017, someone contacted T-Mobile to port his phone number to AT&T and that T-Mo did so, despite Tapang saying that he had a PIN on his account that would be required for a port out request.

Once the hackers had successfully gotten Tapang’s phone number on AT&T, he says that they were able to change the password on one of his cryptocurrency accounts and take 1,000 units of OmiseGo tokens and 19.6 units of BitConnect coin which they then sold for 2.875 Bitcoin. On November 7, 2017, the value of a Bitcoin was around $7,000.

Tapang’s complaint goes on to point to other complaints from T-Mobile customers who say that their phone number was also fraudulently ported.

Tapang is suing T-Mobile for negligence, breach of contract, and violation of the Federal Communications Act and the Washington Consumer Protection Act. He’s seeking damages and injunctive relief.

T-Mobile hasn’t commented on this lawsuit. If you’d like to read the full complaint, you can find it at the source link below.

Via: The Register
Source: Complaint (PDF)

Tags: , , , ,

  • beachtrax

    Interesting. I just finished explaining to my family what we needed to do to prevent this hack. Now by this lawsuit we see a man claiming that T-Mobile allowed someone to port his number without providing any password. Not feeling too much confidence in Tmo service right now.

  • steveb944

    Well that explains the sudden random topic of security popping up.

  • Zach B.

    Maybe he shouldn’t have put his money into a pyramid scheme that’s now crashing down as people can’t buy anything with it and banks/nation’s ban it…

  • yankeesusa

    I am enjoying t-mobile and their customer service but I have heard this happening before. With t-mobile and other providers. But with t-mobile it’s even easier. I think this is going to be a big issue for tmobile that needs to be addressed and fixed.

  • TmoRepNLovingIt

    It was most likely an inside job. The ONLY way to port out from ANY carrier is to have the customer’s account number and PIN. I’m more inclined to believe that the problem may have been on AT&Ts side of the port. Other than that, he was specifically targeted and someone working for Tmo must’ve been the one who stole, or helped steal, the number. Who knows though.

    • Alexander

      Incorrect, all you need is a rep that is lazy or doesn’t follow the rules. I have a PIN on my account required to get any information or make changes and I’m lucky if they ask for it 50% of the time I call in.

      • David Lewis

        This is why humans are being replaced with A.I./automation/robots/machines.
        It could mean the difference between profit or losing millions of dollars in lawsuit and attorney/legal fees.

  • David Howe

    I recently spent several years as NTC (number transfer center) and I can tell you one thing – If we were provided the account number and pin for a number – transfers were automated and did not require any operator intervention – and most of these ‘accidental’ transfers involved either compromised pins the person had the correct info to complete the transfer or pins like 1234, date of birth

  • NardVa

    When you put in a port request the other carrier needs to know your current account number and pin number (usually something generic). How did the hacker know this information? Also, how did the hacker know which crypto currency exchange you were using? It sounds like this guy was already compromised (via email/social media) and now he wants to blame T-Mobile.

    • Romdude

      That Experian fiasco would have provided personal info but the other information is harder to get.

  • rich white

    Crypto accounts are extremely hard to get into, not only with login information you need google authentication or sms. Guessing where the coins/tokens were held is also a mission. Which would mean they also bypassed security on multiple exchanges to get the right one. No way.

  • vincent vera

    How did they get his account #? .. have you guys forgotten that T-mobile themselves had a breach linked to Experian. I am sure the way T-mobile and Experian link data is with the T-mobile account #.