Data Breach

T-Mobile customers were hit with SIM swapping attacks

The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks.

The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks.

Crooks conduct SIM swapping attacks to take control of victims’ phone numbers tricking the mobile operator employees into porting them to SIMs under the control of the fraudsters. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones.  

An unknown attacker gained access to customers’ account information, including personal info and personal identification numbers (PINs), T-Mobile already notified the impacted customers.

“Recent, we detected unauthorized activity on your T-Mobile account, during which an unknown actor gained access to your account information, including personal information and your personal identification number (PIN).” reads a data breach notification published by the company. “T-Mobile quickly identified and terminated the unauthorized activity, however, we do recommend that you change your customer account PIN.”

The exposed information may have included customers’ full name, address, email address, account number, social security number, customer account personal identification number (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed associated with the account.

According to Bleeping Computer, the hackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, the security breach did not impact business customers.

Impacted T-Mobile customers are recommended to change their password, PIN, and security questions.

T-Mobile offers two years of free credit monitoring and identity theft detection services to impacted customers.

Unfortunately, this isn’t the first data breach suffered by T-Mobile in the past years.

In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability. Exploiting the vulnerability attackers were able to access certain customers’ data, including email addresses, billing account numbers, and the phone’s IMSI numbers. Such kind of info could be used by hackers in social engineering attack against T-Mobile’s customer support employees with the intent of stealing the victim’s phone number.

In May 2018, a flaw in T-Mobile’s website allowed anyone to access the personal account details of any customer by providing their mobile number.

In August 2018, T-Mobile suffered a security breach that exposed the personal information of up to 2 million T-mobile customers.

In November 2019, the US branch of the telecommunications giant T-Mobile disclosed a security breach that according to the company impacted a small number of customers of its prepaid service.

In March 2020, the wireless carrier T-Mobile was victims of a sophisticated cyber attack that targeted its email vendor. A data breach notification published by the telecommunications giant on its website revealed that the security breach impacted both employees and customers.

In December 2020, the company disclosed a new data breach that exposed customers’ network information (CPNI), including phone numbers and calls records.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos

EvilVideo is a zero-day in the Telegram App for Android that allowed attackers to send…

4 hours ago

SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the…

14 hours ago

UK police arrested a 17-year-old linked to the Scattered Spider gang

Law enforcement arrested a 17-year-old boy from Walsall, U.K., for suspected involvement in the Scattered…

18 hours ago

Security Affairs Malware Newsletter – Round 3

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

1 day ago

Security Affairs newsletter Round 481 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

2 days ago

U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and…

2 days ago

This website uses cookies.