T-Mobile confirmed a security breach that leaked over 48 million current, former, and prospective users. T-Mobile says it closed the server vulnerability hackers used to access the files, but the leaked information is now for sale online.
According to the hackers selling the database, it includes first and last names, dates of birth, Social Security numbers, and driver’s license numbers of over 7.8 million postpaid subscribers, 850,000 prepaid customers, and more than 40 million “past or prospective” customers—plus account PINs for some of the 7.8 million postpaid subscribers.
On the “bright side,” T-Mobile says no financial or billing information was leaked. However, all of the leaked information is highly sensitive and could easily help someone steal your identity if your information was stolen.
T-Mobile will be contacting those affected with instructions on changing your account’s PIN and updating your security settings. Affected users will also receive two years of McAfee’s ID Theft Protection Service.
However, even if you don’t hear from T-Mobile, it’s still possible your information may be compromised. The seller claims there are records for over 100 million current and former customers in the database—including people who simply applied for T-Mobile service but never opened an account. This means more users could be at risk than the 48 million T-Mobile has confirmed.
G/O Media may get a commission
All active T-Mobile customers should change their passwords and account PINs immediately, and anyone who used the carrier in the past, or even applied for potential service, should tune up their general data security. Here are some suggestions:
- Update any other accounts that use the same password as your T-Mobile account—and please stop re-using passwords. A password manager can help you keep track of all your unique logins.
- Sign up for two-factor sign-ins and login alerts on every account you use.
- Remove as much personally identifying info as possible from your T-Mobile profile and other accounts.
- Monitor your bank accounts and other financial services and payment methods like PayPal or Venmo for suspicious activity. Report anything you don’t recognize.
- Look out for phishing attacks, malware trojans, and other scams. Hackers and scammers will send misleading messages containing malicious links or fake special offers to pilfered email addresses, phone numbers, and social media accounts compromised by data breaches.
These steps will help mitigate the impact of the T-Mobile breach—and any data breach, for that matter—along with other smart data security decisions like using a VPN, turning on privacy settings in browsers/apps/websites, enabling ransomware protection, encrypting important files and hard drives, and installing reliable anti-virus software on your devices.
[9to5Mac]
