T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.)
-
This was reported by Motherboard yesterday and was confirmed by T-Mobile today.
The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
-
Does this affect TMO MVNO customers?
-
@sonofzeus said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
Does this affect TMO MVNO customers?
There’s no news for MVNO customers, might have happened, might not have happened.
Which MVNO? Mint Mobile has a 2FA option requiring SMS verification before interacting with customer service.
Setting up even basic 2FA on an MVNO has always been a tricky issue.
-
@ctujackbauer Not happy. Free MLB.TV may turn out to be expensive after all. “Service Unavailable F451” trying a password change.
-
@sonofzeus said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
Does this affect TMO MVNO customers?
Re-quoting, but good news @sonofzeus , it looks like prepaid accounts possibly leaked only a little info because they keep only a bit of info according to krebsonsecurity:
Other databases allegedly accessed by the intruders included one for prepaid accounts, which had far fewer details about customers.
“Prepaid customers usually are just phone number and IMEI and IMSI,” Und0xxed said. “Also, the collection of databases includes historical entries, and many phone numbers have 10 or 20 IMEIs attached to them over the years, and the service dates are provided. There’s also a database that includes credit card numbers with six digits of the cards obfuscated.”
https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/#more-56613
-
This may be a dumb question, but why (and how) does T-Mobile have people’s Soc. Sec numbers?
-
-
@mgr said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
This may be a dumb question, but why (and how) does T-Mobile have people’s Soc. Sec numbers?
From a Forbes site in 2013:
“For any service that requires T-Mobile to extend credit, we require some personal information so we can confirm your identity, run credit reports and ensure we send bills to the right address,” said Glenn Zaccara, a T-Mobile spokesman. “This includes name and address, as well as your Social Security number, which are required by credit agencies to run a credit report. For prepaid accounts, neither name/address nor SSN is required.”
-
So, besides changing passwords… What can I do now? I can’t change my name/address/DL/imei/etc
-
@sarahb said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
So, besides changing passwords… What can I do now? I can’t change my name/address/DL/imei/etc
- make sure you’re not reusing the old T-Mobile password on any other site
- make sure you’re not reusing a security question/answer from T-Mobile
- be vigilant about spear phishing from this hack
- consider locking down your email and other important accounts with 2FA
Not much you really can do after a breach. I just assume the info will get out there eventually.
-
Thanks @ctujackbauer
I’m pretty vigilant about keeping my info secure. This just feels too close to home (compared to a password/user name leak)
-
@ctujackbauer said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
@sarahb said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
So, besides changing passwords… What can I do now? I can’t change my name/address/DL/imei/etc
- make sure you’re not reusing the old T-Mobile password on any other site
- make sure you’re not reusing a security question/answer from T-Mobile
- be vigilant about spear phishing from this hack
- consider locking down your email and other important accounts with 2FA
Not much you really can do after a breach. I just assume the info will get out there eventually.
If I was part of this leak, I would probably go and lock my credit reports, etc, if you haven’t already. I’m sure T-Mobile is days away from giving some free benefit like that.
-
@sarahb said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
Thanks @ctujackbauer
I’m pretty vigilant about keeping my info secure. This just feels too close to home (compared to a password/user name leak)There is a silver lining, albeit a small one. The number of affected current postpaid customers is 7.8 million customers, if you believe T-Mobile. The initial motherboard report was based off the hacker/reseller advertising the database as 100 million customers, but actually it only had about 30 million.
Most of the affected (40 million or so) are recent applicants. Unfortunately, I think T-Mobile required customers to type in their Social Security numbers even when just purchasing a phone outright at places like Costco. The numbers were obscured when typing them in but if the applications were compromised, chances of it being exposed are pretty high.
-
https://www.inc.com/jason-aten/t-mobile-data-breach-50-million-accounts-how-to-protect-yourself.html
-
-
@ctujackbauer Has anyone here (or even anyone known to anyone here) been contacted by T-Mobile regarding this breach?
I’ve read recently that T-Mobile has been reaching out to those affected…
-
@ukedog said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
@ctujackbauer Has anyone here (or even anyone known to anyone here) been contacted by T-Mobile regarding this breach?
I’ve read recently that T-Mobile has been reaching out to those affected…only by email. I’d be highly suspicious of phone calls.
-
@ukedog said in T-Mobile database breach affecting 100 million customers (Social Security, Driver's License, IMEI numbers, etc.):
@ctujackbauer Has anyone here (or even anyone known to anyone here) been contacted by T-Mobile regarding this breach?
I’ve read recently that T-Mobile has been reaching out to those affected…I am not the account owner, but I believe the owner of the account my T-mobile line is on got a text about the data breach from T-mobile. If I recall, it didn’t say very much and didn’t tell them how to protect themselves and what T-mobile was going to do (McAfee coverage?).
I haven’t heard anything from T-mobile directly, but I assume I have been affected as well. So far I am not impressed at all at how they are handling this. Although I just opened the T-mobile app and now there is a banner there about the breach, linked to a page with more information and links, to McAfee coverage and how to add Takeover Protection Service to each line.
I had read an article last week that told how to turn on the protection service and did that already for all the lines on our account. I’m thinking about freezing my credit reports as well.
-
So just a heads up, if you haven’t already received spam from this breach you might be ok. I have seen quite a few show up in my spam folder the past few weeks.
Today’s spam even had gmail’s “-This message was sent from a trusted sender.” in the traditional gmail green highlighted typeface and lettering. Obviously everything else about it was fake (sender, insecure message warning from the sender, and random numbers in the email domains and email sender) so it got sent to the spam folder automatically, but be on the lookout.
I’m still peeved about T-Mobile leaking all of this anyway. If T-Mobile really had SSNs and drivers licenses all on display, geez…
