T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack.
The company said in its disclosure to affected users that its security team had shut down “malicious, unauthorized access” to prepaid data customers. The data exposed appears to have been:- Name
- Billing address
- Phone number
- Account number
- Rate, plan and calling features (such as paying for international calls)
The T-Mobile representative stated that the attack was discovered in early November and shut down “immediately.” They did not answer other questions I asked, such as whether it was on a public-facing or internal website or database, how long the data was exposed and what specifically the company had done to rectify the problem. The data listed above is not necessarily highly damaging on its own, but it’s the kind of data with which someone might attempt to steal your identity or take over your account. Account hijacking is a fairly common tactic among cyber-ne’er-do-wells these days and it helps to have details like the target’s plan, home address and so on at one’s fingertips. If you’re a T-Mobile customer, it may be a good idea to change your password there and check up on your account details.