T-Mobile Admits Its Data Breach Was The Result Of SIM Hijacks Employees Were Part Of
In the past, we have seen incidents of text messages being rerouted to steal two-factor authentication codes to breach people’s accounts. Now, criminal hackers are being more direct, potentially using SIM swap attacks in which they get a carrier (in this case, T-Mobile) to switch a customer’s number to an attacker-controlled SIM card and device.
In the last week, T-Mobile has confirmed that some sort of attack did take place on a limited number of customers. While the number of people impacted by this attack has not been disclosed, the mobile carrier has been aware of this attack vector. Specifically, the company mentioned on its site that its account takeover protection provides "additional security to your account by blocking unauthorized users from transferring your lines to another wireless carrier." However, it appears that this customer protection did not work in full, as T-Mobile has confirmed a new SIM swap attack besides the one described below which dates back to October of this year.
Yesterday, T-Mobile told BleepingComputer that "a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed." T-Mobile continued, stating that these "Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team." Either way, the common denominator here seems to be that limited customer data has been accessed through T-Mobile, perhaps by threat actors attempting a SIM swap attack.
This situation comes at a rather unfortunate time, as T-Mobile has suffered repeated cybersecurity incidents in the last couple of years, with many more that are likely not known about. Consequently, it is always good to regularly change your passwords and account PINs as part of good cybersecurity hygiene. T-Mobile explains that doing this can "help keep your account secure and prevent ongoing fraud risk to your wireless account."