Archive for T-Mobile

T-Mobile Has Been Pwned Again

Posted in Commentary with tags , on December 28, 2021 by itnerd

If you’re a T-Mobile customer you have to be wondering if the company can keep customer data safe. I say that because the news is out that they’ve been pwned. Again:

Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.

The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.

The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.

This comes after T-Mobile had a massive data breach in the summer. And keep in mind that this company has been pwned in the past too. Clearly this company does not have the best track record of protecting data. Which if you’re a T-Mobile customer, should make you reconsider if you should be dealing with them.

T-Mobile CEO “Sorry” For Massive Data Breach….. Sure….

Posted in Commentary with tags , on August 27, 2021 by itnerd

I guess the heat is getting to T-Mobile when it comes to the fact that they were either victims of massive pwnage, or just badly pwned, and it may still get worse for them. Especially since the hacker that pwned them says that their security was “awful.” I say that because the CEO of T-Mobile Mike Sievert has issued a public apology for T-Mobile’s failure to prevent the pwnage via an open letter posted to the T-Mobile website.

To say we are disappointed and frustrated that this happened is an understatement. Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful.

Attacks like this are on the rise and bad actors work day-in and day-out to find new avenues to attack our systems and exploit them. We spend lots of time and effort to try to stay a step ahead of them, but we didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry.

I’m sorry, but this doesn’t cut it.

If you’re the CEO of a major company with tons of customer information, and you’ve been pwned on this scale, you should be drafting a letter of resignation immediately. Doubly so given that T-Mobile has been pwned so often. Let me give you a list:

  • The theft of the details of 2 million customers in August 2018
  • A hack involving the theft of prepaid customer data in November 2019
  • The theft of employee and customer data in March 2020 
  • A “security incident” involving “malicious, unauthorized access” to some information related to T-Mobile accounts in January

There’s no excuse for any of this and he needs to walk the plank.

T-Mobile Hacker Says T-Mobile’s Security Is “Awful”

Posted in Commentary with tags , on August 27, 2021 by itnerd

It’s bad enough that T-Mobile got either massively pwned by a hacker, or just badly pwned by a hacker. Though it may still get worse. But it just got worse from the American telco. The hacker who pwned them is speaking out. His name is John Binns, a 21-year-old American who lives in Turkey, and he doesn’t have flattering things to say about the telco and their security:

In messages with the Journal, Mr. Binns said he managed to pierce T-Mobile’s defenses after discovering in July an unprotected router exposed on the internet. He said he had been scanning T-Mobile’s known internet addresses for weak spots using a simple tool available to the public.

The young hacker said he did it to gain attention. “Generating noise was one goal,” he wrote. He declined to say whether he had sold any of the stolen data or whether he was paid to breach T-Mobile.

And:

Mr. Binns said he used that entry point to hack into the cellphone carrier’s data center outside East Wenatchee, Wash., where stored credentials allowed him to access more than 100 servers.

“I was panicking because I had access to something big,” he wrote. “Their security is awful.”

He said it took about a week to burrow into the servers that contained personal data about the carrier’s tens of millions of former and current customers, adding that the hack lifted troves of data around Aug. 4.

You have to wonder how this is going over inside T-Mobile, especially since they’ve been pwned on numerous occasions. But more importantly, this is going to spark a lot of questions and inquiries from people outside T-Mobile. And I’m going to bet that T-Mobile really doesn’t want to answer any questions whatsoever. Because when you’ve been pwned as often as they have, lawmakers and others are going to make your life miserable.

T-Mobile Discovers That Their Pwnage Issues Are Worse Than They Thought

Posted in Commentary with tags , on August 20, 2021 by itnerd

This morning, T-Mobile has shared its latest discoveries as it continues its investigation into the hack that resulted in information on almost 50 million people has been leaked. The new information indicates that 5.3 million more current postpaid customer accounts that were compromised:

We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed. These additional accounts did not have any SSNs or driver’s license/ID information compromised.

And that’s not all:

We also previously reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver’s license/ID information, were compromised. We have since identified an additional 667,000 accounts of former T- Mobile customers that were accessed with customer names, phone numbers, addresses and dates of birth compromised. These additional accounts did not have any SSNs or driver’s license/ID information compromised.

I have the sneaking suspicion that more details are going to leak out that will bring this number to the 100 million that was previously reported. And that won’t be a good look for T-Mobile.

T-Mobile Got Pwned…. Again….. And They Are Sure Acting Like They Don’t Want Their Customers To Know About It

Posted in Commentary with tags , on August 17, 2021 by itnerd

T-Mobile recently disclosed that they will investigate the theft of over 100 million of their users’ personal identifiable information being sold on the web. How many customers does T-Mobile have? About 100 million. So basically, every T-Mobile customer has been affected by this. And this is not the first time that T-Mobile has been pwned. More on that shortly.

All together now: Whiskey Tango Foxtrot?

“We have determined that unauthorized access to some T-Mobile data occurred,” a spokesperson said in a statement. But “we are confident that the entry point used to gain access has been closed.”

The company added that they are addressing the matter with the “highest degree of urgency” but admitted it will “take some time.”

The company on August 15 said it is looking into an alleged massive data breach compromising over 100 million users based on a claim made in an underground forum post, according to Vice’s Motherboard.

T-mobile said it cannot confirm further details until it has completed its assessment but ensured customers it has enlisted the help of digital forensic experts and law enforcement.

The seller, according to the post, is asking for bitcoin in exchange.

Here’s where things get sketchy. T-Mobile posted a notification on the Twitter account of their CEO Mike Sievert. Not their main Twitter account. Not their customer assistance account. The CEO’s Twitter account.

This account is the least likely to be seen by T-Mobile customers. The responsible thing for T-Mobile to do would have been publicize this far and wide. But that’s what’s happening here. And what’s worse is that Sievert, or someone who controls his Twitter account is handing over these sorts of responses over and over again:

Here’s another example:

Let’s cut to the chase:

  • T-Mobile got pwned. Again as this is not the first time that they have been pwned. Let me list all the previous hacks:
    • The theft of the details of 2 million customers in August 2018
    • A hack involving the theft of prepaid customer data in November 2019
    • The theft of employee and customer data in March 2020 
    • A “security incident” involving “malicious, unauthorized access” to some information related to T-Mobile accounts in January
  • Every customer has been affected. Every. Single. Customer.
  • T-Mobile isn’t exactly going out of their way to inform their customers about this. Nor does it seem that they have a plan to protect their customers.
  • What communication they are doing is a PR disaster.

T-Mobile at this point deserves to not only lose every customer that they have, but this merits them being hauled in front of congress, investigated, and punished in the most severe way possible. Because T-Mobile has simply failed it’s customers in the worst way possible.

Sprint & T-Mobile USA Announce Merger Agreement

Posted in Commentary with tags , on April 30, 2018 by itnerd

The big news coming out of the US telco space over the weekend is a merger agreement between US telcos Sprint and T-Mobile. The new combined company will be named T-Mobile and current T-Mobile CEO John Legere will serve as the Chief Executive Officer. The new company promises that it will be “force for positive change” . What sort of change? Here’s the video:

Along with the faster rollout of 5G technology, Sprint and T-Mobile say the merger will lead to job creation, lower prices for consumers, improved coverage, and “unprecedented network capacity.” We’ll see if all that comes true. Assuming that this deal gets approved of course. That’s a bit of an open question seeing as there’s currently a battle in the courts with the AT&T / Time Warner merger. So we’ll have to wait and see on that front.

Hopefully, this new company decides to come to Canada as we could use some of that “force for positive change” around here.

T-Mobile Lets You Use Your Phone In The US, Canada, And Mexico With No Roaming Fees

Posted in Commentary with tags on July 10, 2015 by itnerd

T-Mobile has come up with two things that got my attention.

  • T-Mobile customers can now use their smartphones to make calls, send text messages and browse the mobile Web in US, Canada and Mexico without any roaming charges.
  • T-Mobile customers can now call Canadian and Mexican numbers from the US without incurring any fees

The program starts July 15th. Oh, before any Canadians say “sign me up”, forget about it. The fine print says this:

you must reside in the U.S. and primary usage must occur on our U.S. network.

It sucks to be Canadian clearly. It makes me wonder the following:

  1. Why can’t the big three carriers in Canada do this?
  2. How can we convince T-Mobile to set up shop in Canada.

So for fun, I decided to put out this tweet to T-Mobile CEO John Legere:

If he responds, I’ll post it here.

UPDATE: T-Mobile responded via Twitter:

My response was this:

T-Mobile CEO Apologizes For Saying Competition “Raping” Customers

Posted in Commentary with tags on June 23, 2014 by itnerd

If you’re American and you’re on T-Mobile, you might want to take your business elsewhere. T-Mobile CEO John Legere was caught by Bustle among others saying this among other things:

These high and mighty duopolists that are raping you for every penny you have…the fuckers hate you.

Really? A rape metaphor from a CEO of a major corporation? If I were a T-Mobile customer, I’d break my contract to go with some other carrier. I guess that Legere either figured that out on his own, or more likely some PR droid told him that his comments were ill advised. This Tweet then appeared:

Really? Apologizing on Twitter doesn’t cut it. How about a news conference where you have to apologize for your tasteless comments and have to own up to them completely? That would show that you have a pair? This apology smells of cowardice. Total and absolute cowardice. Given this response, I say dump T-Mobile and show Legere that consumers will express their displeasure over this fiasco by moving their dollars elsewhere.

BlackBerry To T-Mobile USA: You’re Cut Off

Posted in Commentary with tags , on April 2, 2014 by itnerd

T-Mobile a couple months back did something that I will call ill advised. It e-mailed BlackBerry users on their network encouraging them to switch to a competitors device. Specifically the iPhone 5S. That didn’t go over so well. The BlackBerry blog details what happened next. In short, BlackBerry users got upset. Boy did they get upset. So you’d think that this was the end of it. And it was, until last night when this tweet appeared:

Now is this a big deal? On one hand, BlackBerry products were already hard to find in T-Mobile stores as they were not being stocked. But on the other hand, it has to be a huge slap to T-Mobile. It also shows that BlackBerry isn’t going to be pushed around. There’s a press release that was posted as part of that tweet that has this interesting tidbit:

BlackBerry customers on the T-Mobile network should not see any difference in their service or support. BlackBerry will work closely with T-Mobile to provide the best possible customer service to any customer remaining on the T-Mobile U.S. network or to any customer purchasing devices from T-Mobile’s existing inventory.

BlackBerry is also working closely with other carrier partners to provide consumers and business users with alternatives should they decide to transition to another carrier and remain with BlackBerry for their long-term device and service needs. For additional details, offers and assistance, business customers and consumers can go to http://us.blackberry.com/smartphones.html.

Hmm… BlackBerry working with other carriers to provide alternatives to loyal BlackBerry users? I can’t wait to see how T-Mobile spins that.

 

 

T-Mobile Announces Unlimited Data When Roaming

Posted in Commentary with tags on October 10, 2013 by itnerd

This is the biggest hint that roaming charges for cell phone users are a rip off. T-Mobile USA announced it has eliminated wireless data roaming charges for its customers:

“The cost of staying connected across borders is completely crazy,” said John Legere, president and CEO of T-Mobile US, Inc. “Today’s phones are designed to work around the world, but we’re forced to pay insanely inflated international connectivity fees to actually use them. You can’t leave the country without coming home to bill shock. So we’re making the world your network – at no extra cost.”

Of course the devil’s in the details, So here are the details:

T-Mobile tonight announced that it’s expanding the home data coverage for most Simple Choice customers to include more than 100 countries, at no extra charge. Starting Oct. 31, these Simple Choice individual and business customers automatically get unlimited data and texting in more than 100 Simple Global countries worldwide, and they will only pay a global flat rate of 20 cents per minute for voice calls when roaming in the same countries. Eligible customers on T-Mobile’s popular Simple Choice plan won’t have to activate anything or pay an extra monthly fee.

And, for customers in the U.S. wanting a saner, more affordable way to stay connected with friends, family and colleagues worldwide, T-Mobile’s got them covered, too. The company announced tonight its new Stateside International Talk & Text feature for discounted calling and texting from the U.S. to all Simple Global countries. Customers never pay more than 20 cents a minute to any number in any Simple Global country, including mobile to mobile. Calls to landlines in more than 70 of these countries are unlimited and included at no extra cost. Unlimited texting is also included to all countries. Stateside International Talk & Text is available to most Simple Choice customers for just $10 a month.

This seems very reasonable to me. One wonders why the big three in Canada don’t do something similar? After all, logic says that the cost for T-Mobile USA to do this can’t be much different than what the big three would have to pay to set something like this up.

Perhaps T-Mobile will consider setting up shop in Canada to bring this sort of sanity to Canadian cell phone users?