You can’t ignore the T-Mobile data breach

Not all data violations they are the same. None of them are good, but they come at a bad level. And considering that they happen on a regular basis, it’s understandable to be aware of the news. However, the T-Mobile breach that hackers claim has to do with the data of 100 million people deserves your attention, especially if you’re an “un-carrier” customer.

As previously reported Made by Motherboard on Sunday, someone on the dark network said it had obtained $ 100 million worth of data from T-Mobile servers and part of it was selling 6 bitcoin in an underground forum, about $ 280,000. Trove includes not only names, phone numbers, and physical addresses, but also more sensitive data, such as social security numbers, driver’s license information, and IMEI numbers, the unique identifiers associated with each mobile device. Motherboard confirmed that the data samples contained “detailed information about T-Mobile customers.”

Much of this information is already available, as well as social security numbers, which can be found on any site of public records. That’s also where most people’s data comes from is filtered sometime. But the apparent T-Mobile violation offers shoppers a mix of data that could be used with great effect, and not in ways you might automatically take.

“This comes down to sending phishing messages based on SMS and phone names in a somewhat more credible way,” says Crane Hassold, director of threat intelligence for the email security company Abnormal Security. “That’s the first thing I thought, looking at this.”

Yes, names and phone numbers are pretty easy to find. But the database that links the two, along with identifying someone’s carrier and fixed address, makes it much easier to convince someone to link to ads for T-Mobile customers, a special offer, or an upgrade. And to do that en masse.

The same goes for identity theft. Again, a lot of T-Mobile data is already available in various forms during various violations. Keeping it centralized makes the process easier for criminals — either considering someone who is unintentional or a particular high-value victim — says Abigail Showman, head of the group’s smart risk company Flashpoint.

While names and addresses may be fairly common at this time, the International Mobile Equipment Identity Numbers are not. Knowing that each IMEI number is linked to a particular customer’s phone can help you identify what you call a SIM-swap attack. “This can cause concern for the account,” says Showman, “because threat agents can access two-factor authentication or temporary passwords associated with other accounts, such as email, banking, or any other account that uses the advanced authentication security feature. Using the victim’s phone number. ‘

This is not a hypothetical concern; SIM swap attacks have been rampant in recent years and a previous breach by T-Mobile has been reported in February, was used specifically to run them.

T-Mobile confirmed on Monday that a breach had occurred, but not whether customer data was at risk. “We have been investigating claims throughout the day that T-Mobile data may have been illegal access to data,” the company said in an email. “We have determined that T-Mobile has been granted unauthorized access to certain data, however, we have not yet determined the existence of personal data of customers. to identify the nature of the data that were entered “.