T-Mobile breached, important data stolen

Sunset

I've been following this news item for the past couple of days and haven't seen it posted here. I searched but didn't find it.

I'm posting here, because folks may ignore it somewhat since so many data breaches have happened in the past from lots of companies.

This time it's DIFFERENT.
Part of the hack may have stolen PIN numbers for T-mobile accounts. With this PIN a person can perform a sim theft. (claim they are you, sim is broke, get a new sim with your existing phone number on a burner phone).
Then they have access to break many 2-factor authorization.
They can then go to every large bank/brokerage and put in your email and click on forgot password, receiving the code on their phone to change your password.

I noticed T-mobile reset PINs for pre-paid customers, as we got a text out of the blue that said they had done this. Pre-paid customers cannot reset the PIN online, maybe this is why they did it.

If you are a T-mobile customer, I recommend changing your password (can be up to 50 characters long) and the PIN (easy for post-paid customers, not available for pre-paid).

T-mobile admits they were breached.
https://www.t-mobile.com/brand/data-breach-2021?icid=MGPO_TMO_P_21DTASECRT_8SZBD38SJT3BHWAY26101

"We have determined that the types of impacted information include: names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, and T-Mobile account PINs"

Their site does not make it obvious about the links to getting more information, a subtle hiding technique IMHO.
Here is another of their pages of great detail and offers to mitigate it:
https://www.t-mobile.com/news/netwo...tion-regarding-2021-cyberattack-investigation
This affects nearly ALL customers.
 
This time it's DIFFERENT.
Part of the hack may have stolen PIN numbers for T-mobile accounts. With this PIN a person can perform a sim theft. (claim they are you, sim is broke, get a new sim with your existing phone number on a burner phone).
Then they have access to break many 2-factor authorization.
They can then go to every large bank/brokerage and put in your email and click on forgot password, receiving the code on their phone to change your password.

I wonder if T-mobile would send a text to the phone with the supposedly broken sim to see if it's really broken, thus alerting you to what's happening?
 
I just changed my password and PIN for T-Mobile. It only took a couple of minutes. They say there is no evidence that postpaid customers had their PIN stolen, but better safe than sorry. I've been extremely happy with T-Mobile service for the last four years, so I'm willing to be understanding about this.
 
Sunset, thanks for posting this info. I hadn't heard anything from T-Mobile but DH is the primary account holder (postpaid).
 
Thanks for posting this. Our family are all t-mob users.
 
I noticed T-mobile reset PINs for pre-paid customers, as we got a text out of the blue that said they had done this. Pre-paid customers cannot reset the PIN online, maybe this is why they did it.

We have two old phones with the grandfathered T-Mobile SIMS - I reload with $10/year, just to have a spare active phone in each car in case we forget/lose/damage our phone.

Have not got a text on either one?

-ERD50
 
I wonder if T-mobile would send a text to the phone with the supposedly broken sim to see if it's really broken, thus alerting you to what's happening?

I suspect so, yes.

We also get emails for any changes.

But we changed the PIN and passwords and turned on Account Takeover Protection.
 
Hi Sunset.

Thanks for the heads up. Changed password, pin, also added google authenticator.
 
I was able to change my PIN but received a failure error when attempting to change my password. I waited a few hours and tried again and it still failed. I called 611 and the automated help desk did a password reset, provided a temporary password via text message to login. The temp password immediately requires me to enter a new password. Again, same failure error with two different browsers. The failure error is: "Service Unavailable.
F451 : Uh-oh, it looks like we have our wires crossed. Please try again later."
 
I think T-mobile site was very busy today.

I had better luck using their app on my phone.
 
T-Mobile now gets to join the "Major Breach of the Month Club." Oh, and see my tag line. YMMV
 
I tried again this morning using the temporary password they provided yesterday and it was not recognized. However, when using my previous password, I was finally able to change my password. Yea!
 
I changed my password yesterday. An hour ago this morning tried to make a few phone calls and it indicated it was calling but I heard no dial tone or ringing and then it finally hung up. Looks like my phone is useless at the moment.


Cheers!
 
I changed my password yesterday. An hour ago this morning tried to make a few phone calls and it indicated it was calling but I heard no dial tone or ringing and then it finally hung up. Looks like my phone is useless at the moment.


Cheers!

I can’t imagine how changing your password would affect that!
 
I can’t imagine how changing your password would affect that!
I'm not sure why it happened but I spent a few unsuccessful hours going to T-Mobile website and every setting on my phone with no luck. I couldn't even receive calls. Finally I got too frustrated and shut the phone completely down. An hour later I turned it back on to use one of the apps and tried the phone. Now it works! This has never happened before. Quite a coincidence.


Cheers!
 
My husband occasionally sees no cell signal and has to shut down and restart his phone and it works again.
 
My husband occasionally sees no cell signal and has to shut down and restart his phone and it works again.

We have TM phones and have seen this at home sometimes. Not for a couple weeks now though.
 
Beware that this hack is much worse than the typical one, which involves theft of credit card info. Here, the hackers got SSNs, birthdates and drivers' license info. That means they have ALL of the info necessary to get into bank accounts (not just credit cards), brokerages, and even file taxes (or get refunds) in your name. And there's not a lot of ways to protect yourself. The credit monitoring services don't cover deposit (bank/brokerage) accounts or taxes. We really need the government to come up with a way for us to address this.
 
We have TM phones and have seen this at home sometimes. Not for a couple weeks now though.

Doesn’t happen to me. DH will be cussing out no signal, my phone sees plenty of signal. Once he restarts his phone, he sees signal too.
 
If open-sourced, distributed, block chain technology can really fix this hackable, centralized internet that’s been built, making us so vulnerable, it can’t come soon enough for me.
 
Beware that this hack is much worse than the typical one, which involves theft of credit card info. Here, the hackers got SSNs, birthdates and drivers' license info. That means they have ALL of the info necessary to get into bank accounts (not just credit cards), brokerages, and even file taxes (or get refunds) in your name. And there's not a lot of ways to protect yourself. The credit monitoring services don't cover deposit (bank/brokerage) accounts or taxes. We really need the government to come up with a way for us to address this.

I wish all the financial sites offered those little dongles/devices that generate a random number every minute.

But not the phone app type, as if the SIM is stolen/swapped/copied then they could download the app as well and the app probably would work thinking it's on my phone. (I have no idea, but makes sense).

I'm thinking of moving all my assets to companies (banks & brokerages) that offer dongles. Anybody know which ones?
 
Fidelity has my voice print on file.

They and other financial institutions use email to communicate with us.

And none of the above use our email as the user name for logging in.

How hackable is your email account? We have our own domain.

Yes, I agree protecting your phone number is very important.
 