Reports have emerged from T-Mobile customers claiming they could access the private account and billing details of other individuals upon logging into the company's official mobile application.
As per user accounts on various social media platforms, the compromised information encompassed customer names, phone numbers, addresses, account balances, and sensitive credit card details, including expiration dates and the last four digits.
In some cases, affected customers revealed that they were able to view the confidential information of numerous other individuals while logged into their own accounts.
Amid a deluge of reports that began flooding Reddit and Twitter earlier today, several T-Mobile customers asserted that they had been grappling with this problem for the past fortnight.
"I reported this problem as soon as it emerged on Reddit over two weeks ago and even sent screenshots of the other individual's information to their security team. Unfortunately, there has been no response whatsoever. Quite astonishing," remarked one customer.
Another customer chimed in, stating, "I've raised this issue with T-Mobile representatives previously, along with my concern about being redirected to the Metro activation line when my phone services are suspended."
T-Mobile has clarified that the recent incident was not the result of a cyberattack, and there was no breach of their systems. Despite the substantial number of customer reports, T-Mobile has stated that the incident had limited ramifications, impacting fewer than 100 individuals.
A spokesperson for the company provided additional details, stating, "There was no cyberattack or breach at T-Mobile. This was a temporary system glitch tied to a scheduled overnight technology update, affecting a limited amount of account information for less than 100 customers. The issue was swiftly resolved."
T-Mobile's Data Breach History Since 2018
T-Mobile faced its latest data breach in May, marking the second incident since the beginning of 2023. In this instance, hackers compromised hundreds of customers' personal information between late February and March by infiltrating the carrier's systems.
Earlier in January, T-Mobile disclosed another data breach, affecting 37 million customers, where sensitive data was pilfered through one of its Application Programming Interfaces (APIs).
This unfortunate trend extends back to 2018 when T-Mobile experienced seven other data breaches:
August 2018: Attackers accessed data belonging to approximately 3% of all T-Mobile customers.
2019: T-Mobile exposed the account information of an undisclosed number of prepaid customers.
March 2020: T-Mobile employees fell victim to a breach, revealing their personal and financial details.
December 2020: Threat actors gained access to customer proprietary network information, including phone numbers and call records.
February 2021: An internal T-Mobile app was illicitly accessed by unknown attackers without authorisation.
August 2021: Hackers forcefully penetrated T-Mobile's network following a breach of one of its testing environments.
April 2022: The notorious Lapsus$ extortion gang breached T-Mobile's network using stolen credentials.
