API Data Breach At T-Mobile Resulted In The Theft Of 37 Million Accounts’ Information

T-Mobile disclosed a new data breach after a threat actor accessed one of its application programming interfaces and stole the personal information of 37 million active postpaid and prepaid customer accounts (APIs).

An API is a software interface or mechanism that is typically used by applications or computers to communicate with one another.

Numerous online web services utilize APIs so that their online applications or external partners can retrieve internal data with the proper authentication tokens.

While T-Mobile did not disclose how their API was exploited, threat actors frequently discover vulnerabilities that allow them to retrieve data without first authenticating.

The breach affects 37 million accounts

T-Mobile disclosed on Thursday that the attacker began stealing data using the vulnerable API on November 25, 2022. The mobile carrier identified the malicious activity on January 5, 2023, and terminated the attacker’s API access the following day.

The company stated that the API abused in this security breach did not grant the attacker access to driver’s licenses or other government ID numbers, social security numbers/tax IDs, passwords/PINs, payment card information (PCI), or other financial account information of affected customers.

“Rather, the affected API can only provide a limited set of customer account data, such as name, billing address, email, phone number, date of birth, T-Mobile account number, and information such as the number of lines on the account and plan features,” T-Mobile said.

“According to the preliminary findings of our investigation, the bad actor(s) obtained data from this API pertaining to approximately 37 million active postpaid and prepaid customer accounts, although many of these accounts lacked the complete data set.”

In a separate press release, the company described the data stolen in this attack as “basic customer information.”

T-Mobile has informed U.S. federal agencies of the incident and is now collaborating with law enforcement to investigate the breach.

The carrier is also notifying customers whose sensitive personal information may have been compromised as a result of this breach.

T-Mobile stated, “Our investigation is ongoing, but the malicious activity appears to be fully contained at this time, and there is no evidence that the bad actor was able to breach or compromise our systems or network.”

Eighth data breach at T-Mobile since 2018

While this is the first breach disclosed by T-Mobile since the beginning of 2019, the mobile carrier has disclosed seven other data breaches since the beginning of 2018, including one in which attackers gained access to the data of approximately 3% of T-Mobile customers.

In 2019, T-Mobile exposed the data of prepaid customers. In March 2020, unknown threat actors also accessed the email accounts of T-Mobile employees.

In February 2021, unauthorized access was gained to an internal T-Mobile application. In December 2020, unknown threat actors gained access to customer proprietary network information (phone numbers and call records).

Several months later, in August 2021, after breaching the carrier’s testing environments, hackers brute-forced their way into T-network. Mobile’s

After the breach in August 2021, the carrier failed to prevent the stolen data from being leaked online despite paying the attackers $270,000 via a third-party company.

In April 2022, the company also confirmed that the Lapsus$ extortion gang had compromised its network using stolen credentials.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info

Deals

Reviews

Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer

BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.

 

Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.