20.5k unique visitors in the last 3 days

T-Mobile US Data Breach Affects Over 40mn People

The mobile operator said hackers had compromised data for 7.8mn postpaid customers, 850,000 prepaid customers, and 40mn records for former or prospective customers.

Mobile operator T-Mobile US has advised the public that the data breach revealed on a hacker’s forum is genuine. The telco’s ‘preliminary analysis’ confirmed that records relating to 7.8mn postpaid customer accounts and another 850,000 prepaid users were compromised. The hackers also gained visibility of 40mn records, including social security numbers and dates of birth, relating to former or prospective customers who had applied for credit.

An announcement on T-Mobile’s website stated they had closed the access point believed to have been used by the hackers. They also emphasized that there is…

…no indication that the data contained in the stolen files included any customer financial information, credit card information, debit or other payment information.

However, a lot of valuable information was still obtained by the hackers.

Some of the data accessed did include customers’ first and last names, date of birth, SSN [social security number], and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.

Customers at risk have been offered 2 years of McAfee’s identity protection service for free. The PINs of the 850,000 affected prepaid customers were also breached, so T-Mobile has proactively changed them all. T-Mobile say there is no evidence that the PINs of any postpaid customers were compromised but are still recommending that all customers change their PINs anyway.

The anonymous online salesperson claiming to represent the hackers said they gained access via an insecure GGSN, reports GovInfoSecurity.

The individual claims that T-Mobile left a Gateway GPRS Support Node, or GGSN, that was apparently used for testing, exposed to the internet. GGSNs are part of the core infrastructure that connect mobile devices to the internet.

“From there, we pivoted through several different IP addresses and eventually got access to their production servers,” the person says in an instant message.

Eventually, the individual accessed more than 100 servers by brute forcing and using credential stuffing on internal T-Mobile servers, most of which were Oracle databases. None had rate limiting enabled.

T-Mobile’s customers should be aware of the risks of data breaches because they have suffered them several times before. Data for over a million prepaid T-Mobile customers was compromised by bad actors obtaining unauthorized access in 2019. The year before, hackers stole data relating to 2mn T-Mobile customers. And in 2015 credit bureau Experian were hit by a cyberattack that yielded the records of 15mn T-Mobile customers.

The share price of T-Mobile US at market close on Thursday was USD140.87, down 2.8 percent compared to the price at the end of last week, before the news of the hack had broken. There was a sharp drop in the share price when markets opened on Monday but it has remained stable since.

Nobody wants to hear that a security vulnerability allowed hackers to gain access to personal data. However, if we can trust T-Mobile’s figures then the scale of the breach is a lot less than the hackers’ original claims to have stolen the data of 100mn people. Customers may be fed up of hearing about data breaches, but neither they nor investors seem to do much about them. This week’s fall in the value of T-Mobile US shares is just a blip relative to the rise they have enjoyed in recent years. For good or bad, we all seem to treat data breaches as routine.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email