T-Mobile Hack: You Should Be Concerned Even If You’re Not a Customer
Even if you’re not a customer, the hack of T-Mobile should give you pause and a reason to take action.
You’ve likely heard that T-Mobile was hacked causing a massive data breach in August 2021. In this data breach involving 50 million records, even those who aren’t currently T-Mobile customers have been affected.
How’s that even possible, you wonder? Read on…hold on to your hat.
The sole hacker who pulled off the job said this about T-Mobile’s network: “Their security is awful.” T-Mobile is the second-largest wireless carrier in the U.S.
Companies are the last ones to find out they’ve been breached. T-Mobile only found out about the data breach when an outside security company told them that someone was selling T-Mobile customer data on the internet.
T-MOBILE DATA BREACH
- When: August 4, 2021
- Records stolen: 50 million and counting
- Type of records: Social Security numbers, driver’s license numbers, dates of birth
- People affected: current, past and prospective T-Mobile customers.
Attention! Here’s the most important takeaway about the T-Mobile hack.
Most of the people 50 million accounts affected by the hack were not current customers, as mentioned above.
That’s quite alarming if you think about it.
- For one, you need to recall if you’ve ever applied for a T-Mobile account or if you were once a T-Mobile customer
- More than that, you have to wonder how many other companies followed the same questionable practice of holding onto personal identifiable information
But unfortunately, we don’t know what these companies are doing. And as it turns out, many of them don’t know what they’re doing either. T-Mobile has been hacked three times in two years!
Take a few steps to protect yourself right now.
Maybe you’re thinking, “I don’t need to worry because I’m not a T-Mobile customer.”
Okay, don’t worry. Instead, take a few steps (on all your accounts) to help protect yourself before they do get hacked—or you might be doing this afterward.
- Change passwords on all of your accounts. Especially the ones with sensitive data. You might want to think about using a password manager.
- Enable what’s called “two-factor authentication” on your accounts, especially bank and credit card accounts you access online. Read our article for more information.
- Sign up for a free credit monitoring service.
- Make sure your protect your home router by updating its “firmware” and changing the password. Or buy a new router if yours is old. The T-Mobile hacker broke in through a router.
- Run a free data breach check at WhatIsMyIPAddress.com/breach-check. You’ll find out on the spot if you have accounts with other companies that have had a data breach.
This time, the data breach of a major company wasn’t done by a team of experts.
Who was behind the T-Mobile hack?
One 21-year-old, an American-born man living in Turkey, seems to have pulled off the hack pretty much by himself. The young hacker has even been bold enough to tell the Wall Street Journal his name and explain why he did it—to gain attention. “Generating noise was one goal,” he said.
A common trait among hackers is that they don’t seem to care about anything but glory, attention, and fame amongst their peers. This same person is known to have created a huge network of secretly hacked devices that was used to launch cyberattacks. Most likely, the people who owned the hacked devices had no clue.
Well, the hacker succeeded at achieving his goal (in his eyes and world). Unfortunately, his success is nothing but bad news for T-Mobile and its customers and others.
He got away with stealing confidential (and supposedly protected) information about T-Mobile customers, including Social Security numbers, driver’s license numbers and dates of birth. Information that could be sold for nefarious reasons include identity theft.
How did he do it?
Evidently, according to the Wall Street Journal, the hacker found a T-Mobile router that was unprotected and exposed on the internet. He discovered it, he told the WSJ, while he “was scanning T-Mobile’s known IP addresses, looking for weak spots.” He did that by using a digital tool that’s easy to acquire online. He was actually just as surprised as we are now, “I was panicking because I had access to something big”, he admitted.
Hackers: they don’t care about anything except glory, attention, and fame amongst their peers.
It’s not going well for companies. Even though the cybersecurity industry is booming–with cybersecurity consultants, software suppliers and incident response teams growing like crazy–cybercrooks seem always to stay one step ahead.
But it doesn’t help when companies make it easy for hackers to find ways into their networks.
If that seems too harsh, you can say companies aren’t making it hard enough—or even impossible—for hackers to get into their networks.
The U.S government is putting heat on companies…finally.
The breach even sparked an inquiry by the Federal Communication Commission (FCC), the first of its kind, as the current U.S. Administration has said they’re going to be examining companies’ security and privacy. They’re on a mission to ensure that U.S. companies start strengthening their cyber defenses.
But guess what? According to the Wall Street Journal, the guidelines from the FCC are pretty much voluntary. They’re more or less, at this point, just suggestions of best cybersecurity practices for companies.
The good news about the hack, is that it didn’t disrupt service to customers. The bad news is that hackers hit paydirt when it comes to finding customer information to steal. As mentioned previously, the hacker stole Social Security numbers and driver license numbers of 50 million people.
For many corporations, your data is as valuable as your account.
And as mentioned before, the stolen data wasn’t mostly from current customers. Supposedly, most of it came from past customers, as well as prospective customers. Prospective customers are people who may have applied for a T-Mobile account, but has not been established yet.
If you think that doesn’t data-handling practice sound right, you’re in good company. There are cybersecurity legal firms who think it’s wrong, too.
The head of one legal group said, “why were they keeping sensitive information for these people…who didn’t even sign an agreement with T-Mobile?”
Part of the issue is that large companies like having large databases as information. To them your Social Security number, driver license number, date of birth, etc., are simply “data”—information about people that’s handy to have for analyzing, strategizing, marketing and more. They like playing with it.
With all at stake, you’d think they’d protect it better.
Especially because, ultimately, it’s YOUR data, not their data.
What’s it going to take?
In late August, President Joe Biden hosted the top executives from tech giants Apple, Google, Amazon and Microsoft, as well as financial executives, to discuss the need to boost cybersecurity. There have been enough data breaches and hacks of large companies already this year to get everyone worried.
The current administration has named cyber-attacks as one of the largest and most dangerous security threats to the country. The President said, “The federal government can’t meet this challenge alone,” adding that corporations “have the power, the capacity, and the responsibility…to raise the bar on cybersecurity. “The companies attending the event pledged to put millions of dollars into research, innovations, education and training.
But you have to wonder: With all the hacks and attacks that have happening and making big headlines, why hasn’t anyone done anything sooner?
The sad reality is, until companies and agencies are extremely serious about combating the relentless assaults by hackers, there will always be another story about a significant data breach.
Too little, too late.
Of course, T-Mobile was caught off-guard and had to scramble to patch things up. Here’s what T-Mobile said to “reassure” the public right after they were informed of the attack by an outside party.
“We are confident that we have closed off access and egress points the bad actor used in the attack.“T-Mobile
It would seem hard to have confidence in them after they just got hacked for the third time in two years.
A few weeks after that, they admitted their failure.
“We didn’t live up to the expectations we have for ourselves to protect our customers. Knowing that we failed to prevent this exposure is one of the hardest parts ever.”CEO Mike Sievert wrote in a public letter a few weeks after T-Mobile hack.
At the same time, they announced new partnerships with cybersecurity firms to shore up their defenses.
Do a data breach check NOW for free.
Data breaches happen by the thousands each year. Use our free Data Breach Check tool to find out if you have other accounts that may have been affected by past data breaches—and what to do about it.
Sources: Wall Street Journal: August 20, 26, 27, 2021; T-Mobile.com.
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Online Privacy
- Online Safety