Wireless carrier T-Mobile notified its 2.3 million subscribers via text message earlier this week that their personal account information may have been exposed. The warnings accompanied a customer advisory posted to the T-Mobile website alerting all its 77 million customers of the breach. Affected were about 3 percent of subscribers, the company said.
According to the advisory, on August 20 T-Mobile’s cybersecurity team “discovered and shut down… unauthorized access to certain information.”
Exposed were customers’ “name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid),” the company wrote. T-Mobile said that no credit card data, social security numbers or passwords were part of the breach.
“Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information,” T-Mobile wrote in its advisory.
A T-Mobile spokesperson told Threatpost that the attack targeted a specific leaky API tied to an undisclosed part of its website. The spokesperson said that the attack was quickly identified, shut down and mitigated against. T-Mobile said intruders launched the attack from IP addresses based outside the United States, but declined to reveal the country of origin.
“It was discovered by our security team and almost immediately shut down,” T-Mobile told Threatpost. “So it’s not an ongoing issue and there’s no additional threat. This was a one off that was dealt with extremely fast.”
Security experts say, while the exposed data did not include sensitive banking and social security information, impacted customers should be on their toes to prevent future fraud.
“Fraudsters frequently use the type of personal information stolen in the T-Mobile breach like names, zip codes, and phone numbers to log into a user account in order to steal goods, services or sensitive financial details,” warned fraud prevention company Forter. “This information can also be used to conduct other types of fraud, particularly on mobile devices which tend to use fewer data points to separate legitimate customers from fraudsters in an effort to deliver the quick, seamless mobile experience users have come to expect.”
T-Mobile said that impacted accounts have been flagged internally. “We have put notations on every affected account. We will monitor those accounts for suspicious activity,” T-Mobile said.
The spokesperson said that the company actively monitors all accounts for fraudulent activity such as “port-out scams.” That’s when scammers port a wireless customer’s mobile number to another provider. In those instances, an attacker can intercept calls and messages while a customer phone goes dark.
In February, T-Mobile alerted customers a rash of “port-out scams” the company had experienced. The company spokesperson said T-Mobile is urging all its customers to create PIN numbers associated with their accounts. Passwords and PINs associated with a user accounts are required for a port to go through.
T-Mobile declined to speculate as to the nature of the attack or the intruders’ intent.