Breach of Privacy
Although T-Mobile managed to take some steps to counteract hackers activities on Monday, reports reveal that customer data was likely exposed. The carrier revealed that there was a probability that hackers succeeded in stealing the personal data of some T-Mobile customers.
According to a statement by the company, the breach of privacy occurred on Monday and there was a possibility that some of its customer data were exposed before the cybersecurity team of the carrier company could shut off the access and send a report of the breach of privacy to the relevant law enforcement body. The hackers were reportedly able to breach a particular database through the exploitation of an already vulnerable application programming interface or API. API refers to a set of blocks for software building that eases the process of accessing technologies or data by developers whenever they are creating an application.
While speaking to a media outlet, a representative of the company mentioned that roughly three perfect of the carrier’s total customer base( 77 million) which was over 2 million customers were likely affected and its ability to limit the damage to a smaller percentage of users was a positive move. Reports have it that those affected customers have already been notified by text message.
The data breached reportedly included the names of the customers, their phone numbers, billing zip codes, email addresses, account types i.e. postpaid or prepaid and their account numbers. When the breach was first announced, the carrier initially stated that social security numbers, credit card numbers as well as passwords were not accessed because the specific API which the hackers reportedly exploited wasn’t wired into any data for card payment. However, a representative of the carrier later told some media outlets that encrypted passwords were also exposed.
The carrier noted that since the passwords were encrypted, the hackers would have been unable to read them. However, some securities researchers are of the opinion that T-Mobile made use of MD5 algorithm for the protection of the passwords. The author of the protection scheme in 2012 reportedly stated that the scheme was no more considered as safe. The carrier company has, however, failed to confirm whether or not it used the MD5 algorithm. Also, T-Mobile allegedly suggested that those who perpetrated the hacking activity were international.
Reports indicate that T-Mobile in recent times has been putting efforts into rebuilding its customer service approach. The company has allegedly launched care centers nationwide with the aim of offering an increased dedicated service. It has also committed to setting up a 5G network all around the nation come 2020.
Thus, T-Mobile’s swift move to notify the customers who were affected has been lauded as a reasonable one. That is more because history shows that a lot of companies who witness hacks do not put their customers first, and some have reportedly waited a couple of months before announcing such breaches. However, the legislators have passed laws on breach notifications with the aim of encouraging responsible and prompt disclosure.
The company noted that its customers who did not get any notification need not be bothered about the breach of their personal data. T-Mobile advised that even though the passwords were uncompromised, the customers should still endeavor to regularly set new account passwords, even though this is contrary to The National Institute of Science and technology’s advice that it scheduled changes of password is no longer considered best practice. However, some tech analysts have noted that it is a reasonable move looking at this kind of security breach.
In most cases such as this, the particular number of those who were affected as well as the forms of data accessed often changes upon further research. However, T-Mobile has assured that it has concluded its investigations and no change of information is expected to occur. There was no specific number of the customers who were affected.
T-Mobile has highlighted different ways through which any customer can reach the company in case they have any concerns or need to ask questions. For instance, T-Mobile customers can call 611 or make use of the two-way messaging service available on MyT-Mobile.com or via the mobile App. Alternatively, they can use the iMessage through the Apple Business Chat, among other means.