The stolen data also includes “encrypted” passwords.
Another day, another T-Mobile data breach. This time, the telecommunication giant has announced that it has suffered a data breach in which unknown hackers have stolen the personal data of 2 million customers.
According to the official statement by T-Mobile, on August 20th, its cybersecurity firm identified unauthorized access to certain information of its customers, including names, phone numbers, email addresses, billing zip codes, account numbers and account types (both postpaid and prepaid).
Initially, T-Mobile claimed that customers’ financial data such as credit and debit card information, social security numbers or passwords were not accessed in the attack. However, in a statement to Motherboard, the company acknowledged that the stolen data also included “encrypted passwords.”
It must be noted here that Motherboard shared a sample of the stolen data with several IT security researchers, who noted that the stolen passwords were hashed with the MD5 algorithm, the cracking of which is considered a piece of cake.
T-Mobile revealed that the attack affected “about” or “slightly less than” 3% of its 77 million customers.
T-Mobile said it will contact affected customers via text message; if you have not received a text, it indicates that your data is secure.
This is not the first time T-Mobile has made headlines for all the wrong reasons. In October 2017, another flaw was identified in T-Mobile's website that allowed hackers to access sensitive information of the cell phone carrier’s customers, including email IDs, IMSI, billing account numbers and the standardized unique number of the phone that verifies subscribers, etc. The flaw was actively exploited for hijacking customers’ phone numbers before it got fixed.
In February this year, British hacker Kane Gamble reported a critical vulnerability believed to be so dangerous that it could let hackers hijack any customer account with ease by posing as a customer through the T-Mobile website.