T-Mobile has acknowledged a data breach affecting up to 2 million customers. In a statement released on Thursday, the telecom company disclosed an August 20 attack.
While the attackers didn't access financial data, they may have access to other personal details. That includes names, billing addresses, zip codes, email addresses, phone numbers, and account numbers.
With it, hackers can build up a profile of victims for use in social engineering attacks. They can also cross-reference emails with previous large-scale breaches to find user's passwords.
Little Reassurance or Advice
Speaking to Gizmodo, T-Mobile confirmed that non-US attackers gained access via an API and no corporate information was accessed. It also says that affected users may not have had every category of information stolen.
The company says it shut down the attack “almost immediately” and apologizes for the inconvenience to its customers. However, under its FAQ section, it does little to reassure customers that it won't happen again.
“We have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure,” it says, with no word of how it will better secure its systems.
Customers are able to get in touch with T-Mobile via iMessage or calling 611 for further information and advice. It's a good idea for users to change their passwords and ensure they don't repeat the same ones on different sites.
Attackers can use information such as this for fraud, identity theft, and targeted phishing attacks, so it pays to be extra cautious in the coming months.