INSUBCONTINENT EXCLUSIVE:
T-Mobile has confirmed hackers breached its systems.
The cell giant,currently merging with Sprint, said in a statement that hackers
customer stole names, billing zip codes, phone numbers, email addresses, account numbers, and account type — such as if an account was
prepaid or postpaid — in what the company described as an &unauthorized capture of data.
No customer financial or billing data was
compromised, the company said.
It not known when the breach occurred but the unauthorized access was detected and shut down on Monday.
A
T-Mobile spokesperson told TechCrunch thatthe breach was &discovered and stopped very quickly,& and &affected a small number& of
customers.But Motherboard reported that a spokesperson said about 3 percent of the company 77 million users were affected — some 2 million
accounts.
T-Mobile began notifying customers of the breach Friday morning with a text message sent to affected accounts
But that drew ire from some, who said the shortlink in the text message looked like phishing.
So @TMobile have been sending out a breach
alert (a legit one) using a short URL and a number of people think it #phishing.
Why BECAUSE IT LOOKS LIKE PHISHING!
https://t.co/5fZJxaKszd
mdash; 𝐎𝐥𝐢𝐯𝐞𝐫 𝐇𝐨𝐮𝐠𝐡
(@olihough86) August 24, 2018
This is the latest in a string of security incidents at T-Mobile in the past year.
In May, a security
researcher found a security weakness in a T-Mobile subdomain used by staff, which returned customer data without requiring a password
It was similar to a vulnerability found in another T-Mobile system reported by Motherboard some months prior, which exposed customers& email
addresses, their billing account numbers, and the phone IMSI numbers.
T-Mobile and other carriers earlier this year were also forced to stop
sharing customer location data with third-parties, after Democratic senatorRon Wydencriticized the cell giants for the practice.
