T-Mobile Announces Hack For the Eighth Time in Five Years
Table of Contents
- By Steven
- Jan 23, 2023
At this point, many T-Mobile users are appalled. When talking about a hack on the company that has access to your most personal pictures, accounts, and conversations, people don't want to be able to say "again" casually. Social media alone can have detrimental effects on people's lives (ruining relationships, job opportunities, and mental or overall health), let alone unknown and unauthorized parties having access to extremely personal content.
How Did the Attack Occur?
The hacker found a flaw in one of the company's application programming interfaces (or API). From T-Mobile's best estimate, the hacker began to exploit this flaw on November 25, 2022 and was found out on January 5, 2023. The data breach affected 37 million individuals. "No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised," read T-Mobile's notice.
What Information Was Viewed or Stolen?
The hacker accessed personally identifiable information that affected not only the account holders but everyone else on their plan. Names, emails, billing addresses, birthdays, phone numbers, account numbers, and the number of people on the plan, "nearly all of which is the type widely available in marketing databases or directories." While this may not seem obviously dangerous, it is expressly concerning, as many account holders are parents and likely have minors on their plans.
How Did T-Mobile Admit to the Breach?
T-mobile made a public statement on its site, saying, "We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts." T-Mobile also promises an increased budget for security measures, though this doesn't seem to be working, as the budget has become increasingly large over the last few years. Luckily, anyone can see T-Mobile trying desperately to increase its security, though the attempts are futile so far.
What Will Become of the Stolen Information?
Minors, especially teens, are highly emotional due to the hormones rushing through their bodies and are "better" targets for online bullies and trolls. So not only does this breach put their physical safety at risk (due to the leaked addresses), but it also jeopardizes their online safety. This applies to everyone involved, not just the teens. There are also increased chances of further scams due to phone number and email leakage.
What Should Affected Parties Do in the Aftermath of the Breach?
After any data breach, certain precautions should be taken. Identity and credit monitoring are always a good idea, even though no social security numbers or financial information was involved. It's good to invest in this because now that even a small bit of your information is online, there are higher risks associated with you and your accounts. It's also a very good idea to use software that will search the dark web to see if your information is already on it. It would be best if you also change your password.