T-Mobile customers became concerned today as they reported being able to access other customers’ accounts and billing details when logged into the company’s official mobile application.
Social media was filled with user reports revealing that the exposed information included sensitive data such as customer’s names, phone numbers, addresses, account balances, and even credit card details, expiry dates, and last four digits.
The Verge initially broke the story, highlighting that some affected customers were not only viewing their own data but also unknowingly gaining access to the private information of multiple other individuals when logged into their own accounts. Were.
This issue has been a topic of discussion for some time now and many reports were surfacing on platforms like Reddit and Twitter. What is shocking is that some T-Mobile customers have expressed their concerns and frustrations, claiming to have experienced this privacy breach in the last two weeks.
One customer shared, “I reported this issue when it first came up on Reddit 2 weeks ago and sent pictures of someone else’s information to their security team. No response, but wow, just wow.”
Another customer lamented, “I have raised this issue with T-Mobile representatives in the past, as well as my concerns about having to go to the Metro activation line while my phone services are suspended.”
However, T-Mobile clearly stated that the incident was not the result of a cyberattack and that their systems were not compromised.
Despite the large number of reports from affected customers, T-Mobile downplayed the scale of the incident, claiming that it affected less than 100 individuals. A spokesperson for the company elaborated, “There was no cyber attack or breach at T-Mobile. This was a temporary system glitch related to a planned overnight technology update involving limited account information for less than 100 customers, which was immediately resolved.” Was resolved.”
T-Mobile’s troubled data history
This latest incident adds to T-Mobile’s growing list of data-related challenges. In May, the company disclosed its second data breach of the year, affecting hundreds of customers whose personal information was exposed between late February and March following an attack on the carrier’s systems.
Earlier in January, T-Mobile disclosed another data breach in which sensitive information of 37 million customers was stolen through one of its application programming interfaces (APIs).
Since 2018, T-Mobile has suffered seven other data breaches:
- In August 2018, attackers gained access to the data of about 3% of T-Mobile’s customer base.
- In 2019, the account information of an unknown number of prepaid customers was exposed.
- In March 2020, T-Mobile employees became victims of a breach that exposed their personal and financial data.
- In December 2020, threat actors infiltrated customer proprietary network information, including phone numbers and call records.
- In February 2021, unauthorized access to internal T-Mobile apps occurred by unknown attackers.
- In August 2021, hackers managed to infiltrate T-Mobile’s network after breaking into a test environment.
- In April 2022, the notorious Lapsus$ extortion group breached T-Mobile’s network using stolen credentials.