fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

T-Mobile Confirms Servers Were Hacked, Investigates Data Breach

T-Mobile Confirms Servers Were Hacked, Investigates Data Breach

T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen.

Yesterday, news broke that a threat actor was selling the alleged personal data for 100 million T-Mobile customers after they breached database servers operated by the mobile network.

The hacker told BleepingComputer that the databases stolen during the attack contain the data for approximately 100 million T-Mobile customers, including IMSI numbers, IMEI numbers, phone numbers, customer names, security PINs, Social  security numbers, driver’s license numbers, and date of birth.

This data was stolen approximately two weeks ago and contains customer data going back as far as 2004.

“Their entire IMEI history database going back to 2004 was stolen,” the hacker told BleepingComputer.

When we contacted T-Mobile yesterday, they stated that they were aware of the claims and were actively investigating whether they were breached.

Also Read: 4 Reasons Why You Need an Actively Scanning Antivirus Software

T-Mobile confirms servers were hacked

In an email sent to BleepingComputer, T-Mobile has confirmed that some of their servers were hacked in the reported attack and are continuing to investigate if customer data was accessed.

“We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

We understand that customers will have questions and concerns, and resolving those is critically important to us. Once we have a more complete and verified understanding of what occurred, we will proactively communicate with our customers and other stakeholders.” – T-Mobile.

While T-Mobile is continuing its investigation, screenshots of the stolen databases and servers accessed by the attackers indicate that the threat actors downloaded customer data during the cyberattack.

One screenshot shared with BleepingComputer shows the threat actors connecting to an Oracle database server over SSH on the company’s internal data center network.

Alleged access to T-Mobile Oracle server via SSH
Sensitive info r​​​​edacted by BleepingComputer

If it is revealed that customer data was stolen during the attack, which is expected, this will be a significant breach as threat actors will have enough information to attempt SIM swapping attacks.

Using these attacks, the attackers can transfer a phone number to their own devices to receive password reset and multi-factor authentication requests that could allow them to breach other accounts belonging to a customer.

This would be the sixth data breach suffered by T-Mobile in the past four years: 

What should T-Mobile customers do?

As the attackers told BleepingComputer they have offers from other threat actors to purchase the data, T-Mobile customers should operate under the assumption that their data was exposed.

Also Read: 5 Types of Ransomware, Distinguished

All T-Mobile customers should be on the lookout for suspicious emails or SMS texts pretending to be from T-Mobile.

If any are received, do not click any links embedded in the messages as threat actors could use them to harvest credentials from unsuspecting T-Mobile customers.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us