T-Mobile Hacked For The Eighth Time In Five Years
from the zero-accountability dept
T-Mobile hasn’t been what you’d call competent when it comes to protecting its customers’ data. The company has now been hacked numerous times just since 2018, with hackers at one point going so far as to publicly ridicule the company’s lousy security practices.
Case in point: T-Mobile revealed in an SEC filing (spotted by TechCrunch) that the company was just hacked for the eighth time in five years, this time impacting the privacy and security of 37 million T-Mobile subscribers.
According to T-Mobile, starting in late November a “bad actor” managed to obtain personal data including names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and information such as “the number of lines on the account and plan features.” As is usually the case with such breaches, T-Mobile issued a statement trying to downplay it:
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”
The intruder abused an API and didn’t directly access T-Mobile’s systems. But such statements are generally worthless, as the scope of such breaches usually tends to grow as investigators dig deeper. An intrusion found in the fall can be the launchpad for a worse intrusion in the spring.
As with so many modern companies, T-Mobile over-collects data, then doesn’t take the necessary steps to protect said data. It then lobbies U.S. lawmakers to ensure we don’t shore up U.S. privacy protections (as it did when Congress gutted the FCC’s fairly modest broadband privacy rules, or when it lobbies to kill federal reform), and the cycle repeats itself in perpetuity.
T-Mobile has a bit of a history of being sloppy with the vast location data it collects on users, then fighting tooth and nail against whatever slapdash accountability U.S. regulators can feebly muster. T-Mobile recently dramatically expanded the company’s collection of user browsing and app usage data via a new program dubbed “app insights.”
We’ve built a reality where nobody consistently holds giant companies accountable for lax privacy and security standards. As a result, said companies see little meaningful incentive to improve, given they now view modest and pathetic fines levied by feckless U.S. regulators (who, by design, lack the resources to tackle privacy issues at any real scale) as a reasonable cost of doing business.
Comments on “T-Mobile Hacked For The Eighth Time In Five Years”
I… i… i am starting to think they in fact do NOT take our privacy seriously.
That they know of, as it is looking like intruders gain entry faster than T-Mobile can detect and remove them. A later intrusion could hide an earlier one using the same tools, or simply take over the work of a competitor.
Guess they have their new ad campaign.
At T-Mobile, your bill will never go up, and your data will always leak.
Re: From: billing
Of course your bill has gone up – how else do you expect us to pay any fines?
(Not that we’ll get any of any significance, but collecting the cash from you just in case. We can always find a use for spare cash)
Re: Re:
You’re full of it.
Mine has increased less than $10 over 10 years.
Far below inflation
"fully contained"
As in, “already for sale on the dark web.”
Re:
What? Your email address? Your mailing address?
What is for sale that wasn’t already generally public.
Be specific.
This is the company that needs to start getting banned from schools. The network is a bigger data threat than TikTok
'You better not hit nine or I will wag my finger something fierce!'
Eight hacks in five years, eight times customer data that they were collecting because it’s profitable was available to whoever spotted the latest hole in their slap-dash security, with a wrist slap at worst every time because it would be just terrible to tell a company not to collect customer data to use and profit from.
Meanwhile five feet off to the side you’ve got politicians hyperventilating about how vital it is to block or force the sale of TikTok and shocked and appalled that anyone would ever think they’re not arguing in good faith when they assert that their motivations to spike the company are rooted in their deep and overwhelming concern for user privacy and data collection and nothing else.
https://community.t-mobile.com/accounts-services-4/fraudulent-activity-by-a-tmobile-employee-switching-my-sim-to-a-new-device-to-steal-funds-14519
https://www.reddit.com/r/tmobile/comments/n44zfj/sim_swap_fraud_suspicious_of_tmobile_stores/
https://www.zdnet.com/article/ex-carrier-employee-charged-for-role-in-sim-swapping-scheme/
That makes two-factor authentication worthless too.
It’s just another obsolete system drowning in crackwhores. They ship your data overseas with 3rd world call centers too, which have the same crackwhore attributes. They even have fake names. That makes Authentic Ignorance (AI) the funniest comedy on the planet.
Re:
I’m sorry I have to share the slum that is Earth with a cryptobigot like you.
Re:
Eliza> Please tell me more about these crackwhore attributes.
Re: Re:
The links to the news articles are the crackwhore attributes. You know…. Like the servers at restaurants that got tagged for card swiping.
The context is crystal clear. They work at cellular companies to do pretty much the same.
Re: Mentally Disturbed or Technology?
I remember the time when people standing around loudly talking to no one were pretty clearly mentally disturbed. Then came Bluetooth and it became a puzzle to guess disturbed vs bluetooth, although one could argue both.
Now we enter the age of wondering, Buffoon or ChatGPT, or both?
Re: Re:
In the 60’s y’all took drugs to make the world look weird…
Now y’all take drugs to make the world look normal.
Re: Re: Re:
Comment of the century.
Re:
Wow, blame a company for the actions of a single individual?
Facts vs FUD
Leave it to this author to ignore reality.
No credit card info was accessed
Passwords are secure (you should change them regularly anyway).
So only self righteous privacy freaks (freak!) have anything to worry about. The rest of us, the vast majority of this country’s population, doesn’t really care about cops swing tracking info for law abiding citizens.
We willingly ignore the privacy nonsense band non-concern for the nations highest rated cell service.
The fastest uploads the fastest downloads. The widest 5G roll out. The quickest CS access. (An average of 2 minutes!)
It’s going to take a lot more than data access by cops and some email and address leaks to make me turn away for the long-time best carrier in the country.
I’m sure some fear mongering freak far left privacy but lawyer will raise our rates by filing a shite class action that is opt-out!
Nice of the for-the-people ultra left to force us to file paperwork to NOT have our rights usurped.
This time I finally say it. Fuck you Mr Bode. Time and again you print fear and half truth. Your goal, to scare others into thinking like you.
How long have you held your extremist privacy and social views?
Notice less than 10% of the country, by EVERY poll, put privacy above the lowest choice?
Even on the most slanted and bizarre of poll options?
Here’s a reality check for you. Posting this MAY get a single TM subscriber to leave T-Mobile temporarily. They’ll come back. That’s literally where this falls in the real world. We know our data is not secure.
As long as they don’t get our credit card info; we, the many millions of TM users, don’t really care. A quick glance through the thousands of replies to the story in the NYT shows exactly that.
T-Mobile is the most reliable and dependable communication service in this country. 92% of its CS complaints, according to Cell journal, are over (consumer stupidity) billing.
You can write all you want. But just about nobody actually agrees with you.
What if their network or billing systems were hacked?
I bet if something actually hit them and actually caused disruption to them versus customers, like shutting down large parts of their network (oh wait, that just takes a thunderstorm to do…) or killing their billing systems, I bet THEN they would FINALLY take security seriously. Or even contemplate any type of security. Having root/root on core systems is criminal today for a company of this size.