The T-Mobile Hack: At Least 49 Million Accounts Compromised…


August 19, 2021

The T-Mobile Hack: At Least 49 Million Accounts Compromised...

Telecom giant T-Mobile has been hacked. AT LEAST 49 million accounts have been compromised. The leaked data includes things like:

  • Full names 
  • Birthdays
  • Addresses
  • Phone numbers
  • Account PINs
  • Social Security numbers 
  • Driver License numbers

All the information someone would need to ruin your credit. Served up on a smorgasbord by some magenta-clad moron out in Bellevue, WA.

Details are still sketchy regarding how hackers were able to get into T-Mobile’s systems, and I assume they’ll remain so. What matters now is those records, reported to be 49 million by various news sources (but closer to 100 million according to the hackers), are now for sale online. The thieves are looking for close to $300,000 for the records.

This is a real bummer for anybody who uses the “Un-Carrier” for their mobile phone service. Unfortunately with hacks like this, there’s no real way to undo what’s been done but we have a few suggestions.

If you’re a T-Mobile Customer:

  1. Change your PIN – Every account has a PIN (personal identification number) associated with it. Since PINs were compromised in this breach for between 49 million and 100 million accounts, there’s a decently good chance yours was one of them. Honestly though, even if your’s WASN’T one of the compromised accounts you need to log in and change your PIN immediately, just to be safe.
  2. Enroll in the FREE Identity Theft Protection Program T-Mobile is Offering – Shortly after the hack was made public T-Mobile announced they’d be offering customers two FREE years of Identity Theft Protection via McAfee’s ID Theft Protection Service. They’re also encouraging people to sign up for T-Mobile’s Account Takeover Protection service. You’ll be able to find out more information regarding these things via the T-Mobile customer portal.
  3. Change Your Password Too – While you’re in their system you might as well change your password. It’s good practice to change your passwords regularly to maintain good security hygiene and there’s no time like the present to start doing so.

General Advice for Anybody Reading this (T-Mobile Customer or Not)

  1. Run a Leaked Credential Report – Most people don’t know how to see whether or not their credentials have been exposed. That’s where services like Have I Been Pwned come in. The service keeps track of data breaches and allows users to enter their email addresses and see if it’s been exposed on the Dark Web. Results come up instantly and they tell you which services you use have been compromised. Security7 offers a similar service for businesses, that you can sign up for if you’re worried your business email has been compromised.
  2. Monitor and/or Freeze Your Credit Reports – This is a legitimate pain in the rear end but it’ll protect you better than anything else. The three big credit bureaus (TransUnion, Equifax, Experian) all allow people the ability to not only check their credit scores for free once a year but the ability to FREEZE their credit report as well. Once frozen no one can open up new accounts in your name (using information potentially stolen from T-Mobile or somewhere else). Now, if there’s a downside to this (and there is), it’s this; you’ll need to jump through hoops to unfreeze your credit reports and it’ll cost you a couple of bucks in the process. Yeah, it’s still better than having your identity stolen, but it’s a hassle and the credit bureaus are not…user-friendly. Of course, your mileage may vary.
  3. Close Zombie Accounts – Braaaaaains! Sorry, couldn’t resist. A zombie account is an account you signed up for or opened and then promptly abandoned. Maybe you didn’t like the service. Maybe you completely forgot about it. Either way, it’s out there, shuffling along on the internet, just waiting to be snatched up. Trying to remember where you spread out information can be difficult, thankfully most internet browsers record password instances and a simple search through your settings could reveal where some of these are. If you’re a more advanced user you might even have a password management service that does the very same thing. The important thing to do is spend some time finding out where these accounts are and then terminating them with extreme prejudice like you’re a member of the ever-present biker gang in a George Romero movie and you’re out hunting the undead.

Other than that there isn’t much more you can do. Unfortunately, it’s a waiting game. It’s not a matter of if your information will be leaked, it’s a matter of when. It’s going to happen. There’s no way around it’s just a question of if it’ll be today or tomorrow. It’s coming. Be ready for it.

content here…

Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...