It hasn’t been very long since T-Mobile experienced its latest major hack, but unfortunately, here we are again. Hackers have again accessed customer data, with 37 million customers being affected amongst both their prepaid and subscription-based accounts.
Let’s dive into the situation, and what can be learned from it.
Unfortunately, there’s not much good news to accompany the bad.
The hackers responsible utilized a common tactic and targeted an Application Programming Interface, or API. An API is a code that allows an application to securely connect to the Internet and communicate with other apps, and is what allows various things—like smart appliances and payment applications—to function properly.
While APIs are generally made to be secure, they are not infallible…something that T-Mobile has found out the hard way.
As a result, quite a bit of sensitive information was made available…not financial information, fortunately, but still, a lot of data was breached.
T-Mobile apparently discovered the hack on January 5th, but only after the breach had been active for over a month, the API first letting those responsible in on November 25, 2022. While the hack was apparently resolved on January 19th, or as the company reported, “the malicious activity appears to be fully contained at this time,” its investigations have continued.
Unfortunately for the telecom, T-Mobile has had a pretty consistent track record of suffering from breaches and hacks. This particular breach was preceded by an even larger one in August 2021, which itself followed attacks in 2020, 2019, 2018, and 2015, with millions of dollars paid out in settlements.
Do you see the important takeaway here?
While API attacks are tricky to catch, it is important that your business does all it can to catch as many attacks as possible. On top of that, you need to do everything you can to protect yourself and your data from any kind of harm. Fortunately, Attend IT Limited is here to help. Give us a call at 020 8626 4485 to learn more.
About the author