While the attackers didn’t access financial data, they may have access to other personal details. That includes names, billing addresses, zip codes, email addresses, phone numbers, and account numbers. With it, hackers can build up a profile of victims for use in social engineering attacks. They can also cross-reference emails with previous large-scale breaches to find user’s passwords.
Little Reassurance or Advice
Speaking to Gizmodo, T-Mobile confirmed that non-US attackers gained access via an API and no corporate information was accessed. It also says that affected users may not have had every category of information stolen. “We have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure,” it says, with no word of how it will better secure its systems. Customers are able to get in touch with T-Mobile via iMessage or calling 611 for further information and advice. It’s a good idea for users to change their passwords and ensure they don’t repeat the same ones on different sites. Attackers can use information such as this for fraud, identity theft, and targeted phishing attacks, so it pays to be extra cautious in the coming months.