T-Mobile experienced a data breach on August 20th

tmobilelogolarge

UPDATE: T-Mobile has told Motherboard that the breach affected around 3 percent of its 77 million customers — around 2.3 million people — and that that the hackers were part of an “international group”.

UPDATE 2: T-Mobile has confirmed that “encrypted passwords” were part of the data compromised by the hackers. Security researchers speaking to Motherboard say that the algorithm used for these passwords may be weak, and password expert Jeremi M. Gosney adds that customers should change their passwords.

 

T-Mobile today confirmed that it was affected by a security breach.

T-Mobile says that on August 20th, it discovered a security breach that affected the accounts of some customers. The malicious party did not get access to any financial data, social security numbers, or passwords. Some personal customer data may have been exposed, though, including name, billing zip code, phone number, email address, account number, and account type.

Customers whose account was affected by this breach will receive an alert that’ll direct them to this web page. For more information, you can contact customer care by dialing 611, using messaging on MyT-Mobile.com or the T-Mobile app, or use iMessage with Apple Business Chat. T-Mobile for Business and MetroPCS customers can call 611 from their phones.

T-Mo says that it quickly reported the breach to authorities. No other details on the incident have come out.

Data breaches are always a serious issue. Even though no financial info or social security numbers were exposed in this particular breach, details like a person’s name, phone number, and email address are still sensitive info. If your account was affected by this data breach, you may want to change your account password to try and prevent any other issues.

Did you receive an alert regarding this T-Mobile data breach?

Via: Reddit
Source: T-Mobile

Tags: , ,

  • Ceefu

    I got the alert.

  • That one N7 guy

    Also got the alert. I’d love to know what sort of compliance standards T-Mobile is supposed to be at and if they got a “Pass” status when the last security scans were run. If they passed then part of the issue is these compliance companies giving others a false sense of security.

    • blokeinusa

      A company I worked for had a security audit from an outside vendor, and it was a joke. Basically deep dived into basic security practices, like no common passwords, special characters in passwords, minimum password length, no unnecessary ACL’s, minimum data needed to do your job, minimum level of security clearance per server/computer/application, make sure your encryption is at industry standard etc, etc….my favorite…passwords not written down.

    • MMA Prints

      Anything can be hacked. In fact, AES 256 bit encyption has been hackable since last year.

  • Willie D

    I did not get this alert, but the fact that T-Mobile has and continues to have multiple data breaches repeatedly is concerning. Like NFC Tap to Pay works by giving a random one time use generated authorization code, perhaps we need to have ways of doing this with out identification other personal information. That way it can’t be hacked.

    • blokeinusa

      They’re called one time passwords or two factor, but even at that, if you loose your authenticator, then how would you authenticate? Much more, your just actually moving the security from one place to another. Harder encryption doesn’t mean hack proof, just longer time to break

  • Francisco Peña

    Not me

  • izick

    Blessed day. No alert. Yet.

  • steveb944

    This has to be the most swift announcement ever. All other companies announce breaches with no information and months after occurrence.
    Good for them for being transparent, and it’s unfortunate we have to live with these attacks nowadays.

  • jpco20

    yup. received yesterday. only time will tell what implications this breach will have on us.

    • The One

      How were you notified? Via email or text?

      • Sharti24

        Text

  • Sharti24

    Just got the text. We should all call and request a free months of service for this inconvenience.

    • Derrik Brozovich

      What inconvenience? The fact they informed with an answer this fast IS this convenience. A lot of companies wouldn’t figure out the issue let alone announce it within a week. You want compensation for transparency? Good god.

      • Sharti24

        Panic, changing passwords/pin codes. Thats an inconvenience to me. Why must i change them? What did i do wrong to have fear that someone might compromise my personal info? I trust tmobile with my personal info and they let hackers break in and steal personal information. I pay for a service so yes compensation is fair

        • Derrik Brozovich

          I pay QuikTrip for my gas to power my vehicle. Someone broke into it despite the safety features in place. It’s neither Quiktrip’s fault for providing the ability to use my vehicle nor the manufactures fault for attempting the best they can to prevent said incident.

          People will commit crime, period. No company is safe from that, no person is safe from that. In this day and age of digital commerce, a consumer with common sense ought to understand the risks of their information being digital. The fact that T-Mobile found an issue and fixed it so quickly and ultimately no information was compromised that would result in identity theft or fraud on your cellphone account means they did a hell of a job and you got what you paid for.

          If you feel the need to be compensated for something working the right way, go ahead and be that person. Remember that time Experian, the freaking credit union, was hacked? Something that should be one of the most secure things on the planet and it got hacked. If you need piece of mind and compensation, take your services all offline and eliminate the rick almost entirely.

  • South Florida Bike Life

    These HACKERS called my fiance today and acted as T mobile employees telling her that her sales contract needs to be rebuild and asked her for her Social security number. We called about it today and we were being told by a Tmobile agent that they don’t ask for social security numbers over the phone and are aware of whats going on!!!! WATCH OUT GUYS! this looks like a bigger “hacking” operation than it is!

  • jinishans

    FU TMo. My SIM has been cloned, they got 2FA and reset my pwd, phone in PayPal a month back. I called TMo they don’t have an answer and blamed PayPal. PayPal simply said it was a TMo SIM clone hack happened in Jan. PP said v can not do anything if someone access with 2FA. TMo said we can change your no which I’m using for more than 10yrs. I just cancelled PayPal account, can’t do anything with TMo. Be aware of this SIM Cloning Hack as well. They’ll clone your SIM and will get all SMS you receive it seems. I’ve put 90 day Alertwith all 3 credit agencies.

    • Derrik Brozovich

      That can happen with any carrier, any cell phone, any cell service.

    • J.R. Vasquez

      jinishans, I totally get your anger but Derrik Brozovich is right, it can happen on any carrier. Just the time we live in. My personal feelings are people who do malicious hacking should have a finger chopped or cut off! However, if they are state sponsored what you gonna do?

  • M42

    Trump’s Russian buddies at work.