According to T-Mobile, no passwords, payment card information, social security numbers, government ID numbers, or other financial account information were compromised. The breach hit postpaid and prepaid customer accounts. The company is still investigating the breach but said the malicious activity appears to be fully contained. The hacker used a single application programming interface (API) to gain access to T-Mobile data. Within 24 hours, the company traced the source of malicious activity and stopped it.Īlso: Cybersecurity jobs: Five ways to help you build your career T-Mobile discovered the breach on January 5, 2023. Distributed by Tribune Content Agency, LLC.Microsoft Build 2023: How to watch and why you shouldĪccording to a disclosure document T-Mobile filed with the US Securities and Exchange Commission, the company believes the bad actor first gained access to customer information around November 25, 2022. Wherever possible, use an authentication app instead. But too many sites encourage you make that second factor a text to your phone number, which encourages SIM swap fraud. On the plus side, two-factor authentication is becoming the standard online, and that's improving security across the web. And if you have trouble remembering dozens of passwords, try a password manager app that can keep track of them for you. Changing passwords periodically is a good practice for all your accounts. Change the password you use to get into your mobile phone account online.Verizon goes further, automatically blocking SIM swaps by shutting down both the new device and the existing one until the account holder weighs in with the existing device. Activate T-Mobile's " account takeover protection" feature, which an extra layer of protection on top of the PIN.If you're a T-Mobile customer and you have a PIN, set a new one. Create a PIN for your mobile phone account to provide an extra layer of security against unauthorized changes in your account, such as a malicious SIM swap.Anyone with a smartphone would be wise to take them: Meanwhile, T-Mobile has set up a website suggesting more steps people can take to guard against fraud. They provide tools to prevent you from phishing and other forms of hacking combined with scanning services that look for your Social Security number or email address in places online where it doesn't belong. You should also check your credit score regularly, which is a good way to detect fraud after it happens.Ĭredit- and identity-monitoring services, which typically carry a monthly fee, can also help reveal the work of identity thieves. Krebs also suggests freezing the credit files maintained by a handful of smaller, specialized agencies. But you have to contact each of the three major credit bureaus individually, which you can do online. It's free to place a freeze and to lift it for your own needs. The single best thing to do is to put a freeze on your credit files, which will prevent anyone from opening a new account. But that convenience can backfire if your number is hijacked, then used to impersonate you online. It's increasingly common for people to use their mobile numbers as a way to verify their identity - for example, when they log into their online banking account, or when they want to reset their password. That's where someone persuades your mobile phone company to transfer your number to a different device, which he or she then uses to try to break into the accounts that you've tied to your phone number. Or they could use it to dupe your bank into letting them change the password on your account, giving them access to your money.įor those whose phone numbers were also exposed, there's at least one more malign possibility: a SIM-swap attack. For example, they could use it to make phishing emails seem more realistic, helping to persuade you to give up additional sensitive information such as a password or PIN. Identity thieves could use that information to target both you and the banks, insurers and other companies you do business with. Throw in your name, birth date and driver's license number, and it's exponentially easier for someone to pretend to be you. Your stolen SSN can be used to open fraudulent credit card accounts, divert or fraudulently collect benefits and commit workplace fraud, among other forms of deceit. Social Security numbers are widely used by the federal government, banks, investment companies, government benefit programs and insurers to verify identity. Those whose data were exposed face greater risks of identity theft, phishing scams and other forms of fraud, Krebs warned. But that doesn't mean you should just shrug off what happened. There have been so many data breaches at so many companies over the years, some security experts say that much of the information exposed by T-Mobile is probably already available on the dark web.
0 Comments
Leave a Reply. |