Does T-Mobile have another breach?


    On the evening of January 10 I was alerted after receiving two consecutive text messages from T-Mobile saying that "The SIM card for XXX-XXX-XXXX has been changed. Visit to view account history. If this change is not authorized go to or call 611". A click to started Safari to a page that could not open. A visit to the help page was completely non-informative about the specific message as well.


    I then called 611 and the first representative I spoke to spent all her time giving me empty talk about how much T-Mobile cares about my security. Even worse, she kept reassuring me that after checking (who knows what), the account was safe to use. She could not answer my question of how it was possible that the SIM card was changed with me not doing anything to the phone or having initiated it myself from a store or online. I didn't let it go and asked to escalate the issue, and my call was transferred to a support manager.


    In the meantime I noticed that I started to receive notices from other services notifying me of attempts to use my accounts from new devices, changes to the PIN and so forth. One of them succeeded in using an email address they knew, and a simple 1-step verification using the confirmation code in a text message that the hijacker received and not me.


    One of the suspicious notifications I received was from T-Mobile itself, saying that "Equipment has been moidfied for device # XXXXXXXXXX. The imsi has been changed from # X---------41211 to # X----------21142." (spelling error in the original). I asked the second T-Mobile representative how it was possible that the IMSI was changed without any action on my side. In addition to the same useless talk of how much T-Mobile cares about my security, I got the impression that he didn't even know what an IMSI was. As a consolation and to move on, he assured me that an investigation would be started.


    After hanging up, I spent a few hours patching things around and, as a safety measure, I had to cancel six credit cards, change passwords and so on. In an attempt to avoid detection, and after trying to get into important accounts of mine, the hijacker had restored the original IMSI and I was able to use the phone. Hence the second consecutive, identical text message.


    In the middle of the night, I called 611 again to ask if they had found something in the meantime. This time I had a better idea of the breach and I tried to explain that in my opinion it was a serious breach and that I had clear evidence that T-Mobile had leaked my data, including my email addresses and the IMSI, a number that, I assume, T-Mobile would not have given to me even if I begged.


    Needless to say, they had nothing useful to report, not even a trivial explanation of what happened, and of course I got the usual mantra, and no admission of any wrongdoing or data breach. It was not the representative's fault as this whole discussion was obviously above her pay grade (and her supervisor's as well).


    One day has passed and I have no updates. What has happened is obvious to me as this is either a tail of the data breach T-Mobile had in 2018 and for which I was not alerted, or is a whole new data breach.


    I have been a T-Mobile customer since they arrived in California through an acquisition in 2001. At some point I had 20+ T-Mobile SIMs for my company. It is great that T-Mobile cares about my security, but they don't seem to be able to protect their network or to write an API that doesn't leak their customers' private and very crucial information like the IMSI numbers. Unless I hear a very detailed and convincing technical explanation of the incident, my days with T-Mobile are numbered.


    I invite everyone to be super alert.

      barcodeable

        Thank You for providing this information.

        If there is a current data breach as you implied... the public won’t officially find out until a year and a half from now.

        T-Mobile may be doing something to counteract these data breaches... but when a company fails to inform you of what’s really going on, that’s a big FAIL on their end.

          marcoegpa

            Not true: T-Mobile Says Hackers Accessed Data on Millions of Customers.


            I am not sure how your comment answers my question or adds anything useful to explain what has happened to me.

              barcodeable

                I was not adding to your post, nor was I trying to explain what has happened to you. I was merely thanking you for posting up your terrible experience because the public should be aware of such incidents and consequences of being a victim. And that data breach that you linked to happened August 20th 2018. T-Mobile’s data has been compromised many times prior to August 20th.


                I have received a Class Action notification.... to join a lawsuit against T-Mobile regarding my personal data being exposed. And this Class Action lawsuit wasn’t for the August 20th data breach. But I can add.... T-Mobile didn’t notify me directly regarding my data being stolen, I learned it from media news outlets.