20.5k unique visitors in the last 3 days

T-Mobile US Admits to New Data Breach

The telco denied customer passwords were compromised but seemingly this is because the passwords were encrypted. Security researchers have questioned the strength of the encryption.

Data about customers of T-Mobile USA has been compromised by hackers, according to a customer announcement they shared last week. T-Mobile was keen to emphasize that no financial data was stolen and no passwords were compromised. However, the hackers did grab the following data about some customers: name, billing zip code, phone number, email address, account number, and whether the customer had a prepaid or postpaid account.

Hackers had obtained unauthorized access but T-Mobile’s cybersecurity team identified and stopped it on August 20th. Although T-Mobile’s written announcement provides no figures about the breach, Motherboard reported that 2 million customers were affected. The Motherboard article also claims that T-Mobile’s spokesperson told them that encrypted customer passwords had been breached. The telco supposedly denies these passwords have been compromised because they were encrypted. This might prove to be a semantic subterfuge. Security researcher Nicholas Ceraolo shared a copy of a hashed T-Mobile password he claims to have obtained from a mutual friend he shares with the hackers; other researchers suggested that T-Mobile may have used a weak hashing algorithm that would be relatively easy to crack.

In 2015 the records of 15 million T-Mobile US customers were compromised when hackers stole data from Experian, the credit rating agency. The telco was proactive in telling customers about that breach; it would be a shame if T-Mobile is now being less transparent about the risks to customers, especially if their passwords may be cracked.

T-Mobile’s share price has dropped a little since the news of this latest breach was made public, but has not seen the significant falls that have occurred following other major hacking attacks on telcos. We shall have to see how severe the impact will be on customers, and whether this leads to any further loss of confidence from investors.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email