The breach went undetected for over a month before T-Mobile detected the malicious activity. | Illustration by Alex Castro / The Verge

T-Mobile has revealed the company’s second major breach in less than two years, admitting that a hacker was able to obtain customer data, including names, birth dates, and phone numbers, from 37 million accounts. The telecom giant said in a regulatory filing on Thursday that it currently believes the attacker first retrieved data around November 25th, 2022, through one of its APIs.

T-Mobile says it detected malicious activity on January 5th and that the attacker had access to the exploited API for over a month. The company says it traced the source of the malicious activity and fixed the API exploit within a day of the detection. T-Mobile says the API used by the hacker did not allow access to data that contained any social security…

Continue reading…

By

Leave a Reply

Your email address will not be published.