T-Mobile, probably the worst company to be with, suffers its 6th breach in 5 years from blog The Technology blog and podcast

T-Mobile, probably the worst company to be with, suffers its 6th breach in 5 years

Hello folks, welcome to the article that probably most people may not care about. It is going to cover a company which should probably have plenty to discuss with people as they have suffered their sixth breach in as many years.

When we talked about this on Throwback Saturday Night, we incorrectly said that it was 50 million. The correct number according to two articles will be roughly 37 million.

Here are the two articles that we saw on the matter.

• New T-Mobile Breach Affects 37 Million Accounts Krebs on Security
• T-Mobile investigates yet another data breach, this one affecting 37 million accounts Cyberscoop

Both articles were quite good in covering this, and if you didn’t see them, you now will be seeing them.

As I prepare to cover writing up notes for the upcoming security box, this company has more to answer to than a smaller company like Philmore Productions, which did contact me in regards to our podcasts on their product and they did have valid points to make which will be taken to heart.

I only mention it because while a company like Philmore Productions may be a small company and cators to a different market, if they did in fact have a breach, I’m sure they would need to be making phone calls or sending email accordingly to let their customers know of the issue. At least, I would hope so.

The fact that T-Mobile offers different services than the smaller Philmore Productions, T-Mobile probably took forever in notifying their customers, let alone be truthful on whether they’ve fixed the issues that plagued them or not.

At least with the Krebs article, Brian writes that an actor abused an API which allowed them to get data on roughly 37 million customers. This includes postpaid and prepaid accounts.

Now, compare that to the smaller Philmore, that company might have a couple hundred customers, doesn’t have any API, but could be targeted like other smaller companies, through Phishing.

I’m sure that the operators of Philmore are more dilligent now that they had customers affected by prior breaches, and I’m sure that prior mistakes will not happen again. But we’re all human, and humans as discussed are the weakest link and actors know this.

Here’s the issue. Kreb’s article says that they knew of the issue in January of 2022. We’re finding out the breach in January of 2023. Since the actor started abusing the API in November of 2022, why didn’t T-Mobile do anything about the issue when they first learned about it in January?

Kreb’s article also goes in to prior breaches of T-Mobile, starting with a paragraph talking about the 2021 incident.

According to Cyberscoop, they report that T-Mobile contained the issue, claims that no systems or network was apparently compromised, but yet the API coughed up a trove of customer data.

The Cyberscoop article also went in to detail on the API, just like Krebs on Security did.

Both articles are worth reading, let’s learn, take in what might need to be changed in our own environments, and make sure this doesn’t happen to us.

Stay safe, stay well, and thanks for reading!

---

Informazioni sull'articolo

T-Mobile, probably the worst company to be with, suffers its 6th breach in 5 years was released on January 23, 2023 at 9:05 am by tech in article commentary.
Last modified: January 23, 2023.

---

Comments (0)

No comments yet.

You must be logged in to post a comment.

go to sections menu

---