I guess the heat is getting to T-Mobile when it comes to the fact that they were either victims of massive pwnage, or just badly pwned, and it may still get worse for them. Especially since the hacker that pwned them says that their security was “awful.” I say that because the CEO of T-Mobile, Mike Sievert, has issued a public apology for T-Mobile’s failure to prevent the pwnage via an open letter posted to the T-Mobile website.
To say we are disappointed and frustrated that this happened is an understatement. Keeping our customers’ data safe is a responsibility we take incredibly seriously and preventing this type of event from happening has always been a top priority of ours. Unfortunately, this time we were not successful.
Attacks like this are on the rise and bad actors work day-in and day-out to find new avenues to attack our systems and exploit them. We spend lots of time and effort to try to stay a step ahead of them, but we didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts of this event. On behalf of everyone at Team Magenta, I want to say we are truly sorry.
I’m sorry, but this doesn’t cut it.
If you’re the CEO of a major company with tons of customer information, and you’ve been pwned on this scale, you should be drafting a letter of resignation immediately. Doubly so given that T-Mobile has been pwned so often. Let me give you a list:
- The theft of the details of 2 million customers in August 2018
- A hack involving the theft of prepaid customer data in November 2019
- The theft of employee and customer data in March 2020
- A “security incident” involving “malicious, unauthorized access” to some information related to T-Mobile accounts in January
There’s no excuse for any of this and he needs to walk the plank.
T-Mobile Has Been Pwned Again
Posted in Commentary with tags Hacked, T-Mobile on December 28, 2021 by itnerd
If you’re a T-Mobile customer you have to be wondering if the company can keep customer data safe. I say that because the news is out that they’ve been pwned. Again:
Affected customers fall into one of three categories. First, a customer may have only been affected by a leak of their CPNI. This information may include the billing account name, phone numbers, number of lines on the account, account numbers, and rate plan info. That’s not great, but it’s much less of an impact than the breach back in August had, which leaked customer social security numbers.
The second category an affected customer might fall into is having their SIM swapped. This is where a malicious actor will change the physical SIM card associated with a phone number in order to obtain control of said number. This can, and often does, lead to the victim’s other online accounts being accessed via two-factor authentication codes sent to their phone number. The document says that customers affected by a SIM swap have now had that action reversed.
The final category is simply both of the other two. Affected customers could have had both their private CPNI viewed as well as their SIM card swapped.
This comes after T-Mobile had a massive data breach in the summer. And keep in mind that this company has been pwned in the past too. Clearly this company does not have the best track record of protecting data. Which, if you’re a T-Mobile customer, should make you reconsider whether you should be dealing with them.