It has been reported that hackers have recently shared a new database they claim contains sensitive customer information stolen from the American telecommunications giant, T-Mobile. However, the company denied any connection to the archive, saying it had nothing to do with it, or its clients.
A “Trove of Sensitive Details”
The Cybernews report asserts that a sample of the dataset was uploaded to a popular data leak site at 2am on June 13th, with the attackers claiming the information was as recent as the first of June. This is especially concerning as relatively “new” data would put impacted individuals at risk of high-level security concerns.
Contained in the dataset were:
- Names (first and last)
- Birthdates
- Phone numbers and email addresses
- Tax IDs
- Device IDs
- Cookie IDs
- IP addresses
According to the Cybernews research team, “If this data is legitimate, exposing 64M lines of highly sensitive information poses a serious threat of identity theft/fraud, surveillance, and further, better-targeted attacks on customers.”
T-Mobile Denies Breach Association
For not the first time, the second-largest mobile carrier in the US denied having been the target of a data breach.
Last year, the company was allegedy compromised by well-known threat actor IntelBroker, with source code available for sale on the dark web: SQL files, Siloprograms, Terraform data, Images, and t-mobile.com certifications. As proof, the attackers posted screenshots of internal developer Slack channels and administrative access to a Confluence server.
However, one source told Bleeping Computer that the screenshots of T-Mobile’s architecture were taken from earlier images posted to a third-party vendor’s servers.
This time, the company stated to Cybernews, “Any reports of a T-Mobile data breach are inaccurate. We have reviewed the sample data provided and can confirm the data does not relate to T-Mobile or our customers.”
What Is Unclear
Researchers have been unable to verify claims of T-Mobile’s connection to the breach, or whether the 64 million lines of code held in the database represent 64 million people. According to the research team, various data points like phone numbers appeared in previous T-Mobile associations, but “it was impossible to verify the archive with 100% accuracy.”
Without these pieces in place, customers cannot be notified of possible risk or take appropriate actions to prevent further damage.
These actions, designed to protect users following a breach, typically include resetting passwords and PINs, enabling 2FA, checking credit reports, using a password manager, closely watching bank and credit card accounts, and receiving credit monitoring services paid for by the compromised entity; in this case, potentially T-Mobile.
As Jamie Akhtar, CEO and Co-founder at CyberSmart, states, “Although there’s not necessarily any reason to doubt T-Mobile’s denial of the breach, it’s certainly worth being cautious if you’re a customer. The sensitive data hackers claim to have stolen could be used to launch personalised phishing attacks, steal identities, or commit fraud.”
It Is No Longer Enough to Rely on Company Cybersecurity Alone
As even enterprises with the money to invest in generous cybersecurity programs continue to get breached, or serve as enticing targets for attack, end-users must go beyond trust in company-based protections alone.
Akhtar offers a simple list of three things customers can do to ensure peace of mind where data sharing with large companies is concerned.
- Reset Passwords and Invest in Multi-factor Authentication (MFA): “if you haven’t already, reset your password and switch on multi-factor authentication. This will make it very tricky for hackers to compromise your account even if they have login credentials. As a rule, it’s worth doing this for every account you use, not just T-Mobile.”
- Be On the Watch for Unsolicited Calls and Emails – They Could be Scams: “If this data is legitimate, hackers will likely use it to target you with phishing scams. Remember, if you’re at all in doubt about whether a communication is genuine, trust your gut.”
- Monitor All Financial Accounts: “[In this case] it doesn’t appear that any financial data has been stolen, but that doesn’t mean cybercriminals won’t try to commit fraud or identity theft with the data they do have.”
In a climate where threat actors are eager to brag about, or fabricate, their latest heist, users need to realize on thing: that the value of their data goes hand-in-hand with their shared burden of data security.
An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation, and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire, and many other sites.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.