![]() ![]() ![]() Hackers accessed personal data belonging to 7.8 million current postpaid customers, including dates of birth and Social Security, and also hackers accessed the records of 40 million former and prospective customers. The breach exposed information like names, addresses and phone numbers and lasted more than a. Last August, the telecom giant admitted that at least 47 million customers had account data stolen as a massive data breach. T-Mobile Says Hacker Got Data From 37 Million Customer Accounts. ![]() T-Mobile has confirmed six other, previous data breaches since 2018. “Our systems and processes worked as designed, the intrusion was rapidly shut down and closed off, and the compromised credentials used were rendered obsolete.” Shortly after, a security researcher was able to gain unauthorized access to Sprint’s network simply by guessing some very poorly-secured user/password combination. “Several weeks ago, our monitoring tools detected a bad actor using stolen credentials to access internal systems that house operational tools software,” the company’s statement said. The two companies had just come up with a deal in principle when up to two million T-Mobile customers had their account information and encrypted passwords exposed in a data breach. However, Krebs reports that the hackers were able to steal source code for a range of company projects - just as the group had done with Samsung, Microsoft and Globant. T-Mobile did not respond to multiple requests for comment, but told news outlets that “no customer or government information” was accessed during the incident. Through this employee account access, the hackers were in a position to carry out SIM-swap attacks, where hackers reassign a target’s cell phone number to a device under their control, which then allows for the interception of phone calls and text messages that can be used to further break into a victim’s accounts and also obtain two-factor authentication codes. This gave Lapsus$ access to T-Mobile’s internal tools, including Atlas, used for managing customer accounts, which the hackers used in an attempt to find T-Mobile accounts associated with the FBI and Department of Defense, but were blocked as the access needed additional checks. The messages show that Lapsus$ had access to T-Mobile’s network by compromising employee accounts, either by buying leaked credentials or through social engineering. At least two Lapsus$ members - a 16-year-old and a 17-year-old - were subsequently charged with multiple cyber offenses. Roughly 47.8 million current and former or. The messages obtained by Krebs were sent in a private Telegram channel during the week leading up to the arrests of the gang’s most active members in March. As part of its ongoing data breach investigation, T-Mobile has confirmed the enormity of the stolen information. T-Mobile’s latest security incident - the seventh data breach in the past four years - was first revealed by security journalist Brian Krebs, who obtained a week’s worth of private chat messages between the core members of Lapsus$, a hacking and extortion group that gained notoriety in recent months after targeting tech giants Nvidia, Ubisoft and Okta. The Lapsus$ hacking group has claimed another victim: U.S. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |