T-Mobile's Latest Data Breach Linked to SIM Swap Attacks

[bkaus]

This is why authentication apps are the way to go nowadays. Unfortunately a lot of companies still don't support using them. Hopefully in 2022 we will see widespread adoption. I've started using the new one built into Apple devices and it works well.

Yes, I hope the Apple integration makes these more common. Less dependence on a phone number would reduce the reward and possibly the hacking attempts in the phones.

It always leaves the problem of what happens when you loose your authenticator app or codes.

 

[hrMACnstuff]

we're still talking about internet security and privacy at the end of 2021 with all the "eyes" out there? everyone knows companies are the oracle of truth and that people are the evil ones out to do companies harm. companies are never at fault. they're here to keep us safe (buzzword of the year. last year is was hero) lol.

 

[BreakYurAnkles]

this is a double edged sword for sure.

first off

most, if not all postpaid carriers need pretty much all your info to "get you setup for service".

second is the high cost of devices are now financed or bill credited. so they need your information for credit checks etc.

humans are an extremely weak link for sure. social engineering is a strange environment that seems to be pretty easy to manipulate.

It makes me comfortable that I'm not a heavy mobile/cell user, that I can save money and my personal data going prepaid and buy my devices outright in cash.

 

[ilikewhey]

tmobile is like that shady uncle during holiday, when i was with them i did 3 trade ins and they all magically disappeared from tmobile's warehouse. almost took them to small claim court cause they wanna charge me 2 grand for their mess. with that experience, this sim swap situation isn't that surprising.

 

[sudo-sandwich]

After giving up all the information TMobile decides to take security seriously?

How about a law that requires ANY company that takes your SSN to be required to hire outside security companies, who are bonded and audited, to maintain a robust defense rather than just some in house clowns that manage an Armenian or Indian team.

Wait, are Armenian teams common now?

 

[sudo-sandwich]

This is why authentication apps are the way to go nowadays. Unfortunately a lot of companies still don't support using them. Hopefully in 2022 we will see widespread adoption. I've started using the new one built into Apple devices and it works well.

Auth apps started on the wrong foot with the most famous one, Google Authenticator, being user-hostile. It was super unclear and difficult to transfer the auth codes to a new phone, and often the answer you found was "you're not supposed to do that." They gradually conceded and added ways to do that, but it's still unclear how to back them up, which has resulted in many users (even tech-savvy ones) being locked out of accounts. If people are relying heavily on account recovery mechanisms, that could actually make things worse.

They need to give up on the idea that people will naturally switch to the most "secure" thing and focus instead on usability first. Apple's built-in 2FA does it right, but it's single-platform.

 

[44267547]

tmobile is like that shady uncle during holiday, when i was with them i did 3 trade ins and they all magically disappeared from tmobile's warehouse. almost took them to small claim court cause they wanna charge me 2 grand for their mess. with that experience, this sim swap situation isn't that surprising.

I don’t trust T-Mobile in general. Never have. They have so many hyped up gimmick-‘Gotcha’-marketing tactics that are misleading, that consumers are to obtuse who don’t see through them. Sim swapping is just another avenue.

 

[rishey]

Just curious, how does eSIM solve this? It’s not like they are actually swapping physical SIM cards…

That's right. I was one of these victims the article mentioned. I was using an eSIM and still got SIM swapped. T-Mobile told me it was due to the data breach. eSIM only makes the PHYSICAL theft of a SIM card more difficult.

 

[sudo-sandwich]

I don’t trust T-Mobile in general. Never have. They have so many hyped up gimmick-‘Gotcha’-marketing tactics that are misleading, that consumers are to obtuse who don’t see through them. Sim swapping is just another avenue.

Same, everything about them screams coupon-clipping and money-pinching. I'd rather pay slightly more and get a carrier that'll just work like AT&T or Verizon. T-Mobile's coverage in the Bay Area is spotty too. I'm never the guy in the group with 0 bars, it's always someone on T-Mo. But hey, they get to stream video from select partners without counting against the cap!!1

 

[rishey]

So, which carrier is the most secure? Is there a clear winner?

 

[sudo-sandwich]

So, which carrier is the most secure? Is there a clear winner?

No, only clear losers.

 

[BreakYurAnkles]

So, which carrier is the most secure? Is there a clear winner?

There are only trade offs.

depending on your personal usage and needs. but if you want your personal data safe. go prepaid unlimited with any carrier that has good coverage in your area.

but if you finance your phone, its hard to go prepaid. Some prepaid carriers offer long-term financing (which is another personal data/info threat).

going prepaid means that most likely you'll have to purchase the phone outright at full retail price.

 

[kingtj1971]

* sigh *

It's not just T-Mobile

A major telecom company that partners with AT&T and Verizon said hackers had access to its system for over 5 years, exposing billions of texts

Syniverse, which is used by companies like AT&T and Verizon, revealed that hackers had been inside its system for years, affecting millions of users.

www.businessinsider.com

Hackers in Cox Communications Data Breach Impersonated Company’s Support Agent to Access Customer Information - CPO Magazine

Cox communications data breach notification disclosed that unauthorized individual(s) accessed sensitive customer information after impersonating the company's support agent.

www.cpomagazine.com

Verizon’s Visible confirms accounts were breached – report

Some customer accounts for the Verizon-backed all-digital prepaid brand Visible were breached after bad actors obtained password and login information from “outside sourc | Some customer accounts for the Verizon-backed all-digital prepaid brand Visible were breached after bad actors obtained...

www.fiercewireless.com

Yep! I made this point on another forum discussing this incident. Everyone screams to "slap them with huge fines!" and so forth. But IMO, computer security is more an illusion than reality. If you give personal info to ANY entity to hang onto, there's a good chance it will get leaked out, period. I'm not against imposing punishments for this stuff -- but there's just as much, if not more incentive for people to spread personal data around. And every company has to have employees in it with full access to the info (or there would be no point in collecting it to start with!). Any of them can copy and leak it out, no matter how good the security is on their servers and network against outside intrusions.

It's been said that every working credit card in America is already hacked. Basically, if you have a valid card? Someone else has a copy of it in a stash of cards they obtained. The only reasons your card isn't getting unauthorized charges placed on it is the fact there are millions of them in circulation and hackers didn't get around to trying to use yours yet. Or optionally, they already did but the card processor or bank stopped the transaction from completing because it was clearly fraudulent or unintended. We don't really know how often that happens and the cardholder is never told.

 

[BrownyQ]

So, which carrier is the most secure? Is there a clear winner?

No such thing.

As a former employee of one of the major carriers in the states, security at the lowest level, that being retail workers, is at best half-hearted. While we were told granting access to or making modifications without the account holder's consent *could* be punishable by criminal charges or lawsuits, this never actually happened.

At most you got a slap on the wrist by your supervisor, the "damage" was reversed in the system to the best of our ability, and credits would be approved to make up for damage perceived. Enough of these and you're out a job, but rest assured, more often than I'd care to admit, the employees are being ordered by higher ups to pull shady things to boost numbers.

 

[Wags]

This will be no news tomorrow. Until there is real public outrage for accountability and fines that would matter to companies then just another one day bad news drop.

 

[CoMoMacUser]

Just curious, how does eSIM solve this? It’s not like they are actually swapping physical SIM cards…

It doesn't. An eSIM is still susceptible to port-out scams.

 

[macsareveryinteresting]

No wonder Apple wants to transition into eSim. T-Mobile is just attracting data breaches at all times now.

View attachment 1935860

They are turning into Google. Literally attempting to steal and make people's accounts get their information stolen.

 

[macsareveryinteresting]

The amount of vulnerable and substantial information that isn't even hidden in T-Mobile petrifies me. That's one reason why I stick with Verizon.

 

[macsareveryinteresting]

Just curious, how does eSIM solve this? It’s not like they are actually swapping physical SIM cards…

It protects information from hacks and breaches. People can't steal information as easily with an eSIM card.

 

[macsareveryinteresting]

So, which carrier is the most secure? Is there a clear winner?

I'd say probably AT&T. I used to have it for the longest time, and I never heard once of a hack. I've had Verizon for a while now and not anything for Verizon. Answer:AT&T

 

[CoMoMacUser]

I'd say probably AT&T. I used to have it for the longest time, and I never heard once of a hack.

SIM-Swap Update: CNN Breaks News on AT&T Hacking - Legal Options for Victims - Stoltmann Law

blog.stoltmannlaw.com

AT&T Pushes for Arbitration in Customer’s SIM Swapping Crypto Hack Case - Tech

AT&T says that a man who sued the company for his six-figure cryptocurrency loss after being victimized by a SIM swap must arbitrate his claims. The

lawstreetmedia.com

 

[macsareveryinteresting]

SIM-Swap Update: CNN Breaks News on AT&T Hacking - Legal Options for Victims - Stoltmann Law

blog.stoltmannlaw.com

AT&T Pushes for Arbitration in Customer’s SIM Swapping Crypto Hack Case - Tech

AT&T says that a man who sued the company for his six-figure cryptocurrency loss after being victimized by a SIM swap must arbitrate his claims. The

lawstreetmedia.com

Well yes, they're are going to be some hacks and breaches. But not as much as the other carriers.

 

[jasonsmith_88]

It protects information from hacks and breaches. People can't steal information as easily with an eSIM card.

What? Their servers were hacked, not the sim cards. The safety of your data on a server has nothing to do with the type of sim card you use in your phone.

 

[PC_tech]

The people at T-Mobile are completely incompetent. I have an "account password" setup on my account which they're supposed to ask for when you walk into a store or call them on the phone, and they have NEVER asked me for this password. Additionally, they offer ZERO ABILITY to use 2-factor authentication with an authentication app. They REQUIRE you to use your cell phone to receive an authentication text, which has been known for almost 20 years now of being the easiest & quickest way to hack into anybody's cell phone account! ??? Truly incompetent.

No we don’t, maybe the store that you went into was run poorly…

 

[Rafterman]

Does eSIM really fix this though? The SIM can still be illegally changed out, whether physically or eSIM, unless I’m missing something.

It doesn't. It was a failiure in their employees, not the tech.