The American operator T-Mobile confirmed this Thursday (19) the exposure of personal data of 37 million prepaid and postpaid customers. The flaw was in a company API and revealed to attackers information such as names, billing addresses, phone numbers, emails and dates of birth, as well as account details: the number of lines registered and the plan purchased for each of them.
According to T-Mobile, the intrusion was detected on January 5 of this year, but analysis showed that those responsible for the attack had had access to the information since at least November 25 of last year. During the collection of information, however, data the company considers sensitive was not exposed, such as official documents, account access passwords, payment data or other financial records.
The operator also describes the leak as “limited”, since not every affected customer had all of the data mentioned in their profile, and the API used for the intrusion did not allow access to internal systems or administration tools. Although it is contacting those affected to report the case and provide security tips, T-Mobile did not give further details on how the exploit took place or what type of vulnerability the cybercriminals took advantage of.
While alerting affected consumers, T-Mobile is also working closely with US federal agencies and authorities to investigate the breach. The company claims that the malicious activity was “fully contained” and does not say whether the information obtained by the criminals was leaked or put up for sale, which would create risks for the users exposed in the leak.
“Attackers can make the database accessible to the public by putting it up for sale on the dark web,” explains David Emm, security researcher at Kaspersky. According to him, this behavior is common for ransomware threat actors, who often talk about their deeds on public blogs as they seek to profit from stolen data.
Even without leakage of financial or personal data, there is a risk of digital crimes
Even if financial data or personal documents have not been leaked, the risk of phishing attacks remains. Criminals can use the information to run scams against the victims themselves, speaking on behalf of the operator or other companies, as a way to get more data from them. Cross-referencing the data with other exposures can also lead to identity or online profile fraud.
“As the attackers may have obtained confidential information as a result of the leak, the effectiveness of the scams increases significantly,” the expert adds. It is therefore time to watch for danger signs such as urgent messages or offers that seem too good to be true, all tricks criminals use to claim even more victims.
Emm also points out the risks, including to the company itself, arising from the use of an alleged vulnerability in T-Mobile’s API, whose details were not revealed. “Cyber incident response services help to minimize the consequences, identifying compromised nodes and protecting the infrastructure from similar attacks in the future. Organizing intrusion tests, using updated code and verifying the security of the systems is vital,” he concludes.
Source: SEC, T-Mobile