T-Mobile, the U.S based wireless network operator said that hackers stole customers’ data including names, billing zip codes, contact details, account numbers etc. T-Mobile has recently announced a merger with Sprint. According to the company’s statement, no financial data has been compromised. There is no idea about when and how the breach occurred but the unauthorized access was discovered on Monday and necessary action was taken to stop the breach. But reportedly, about 3 percent of the company’s customers’ data were affected which accounts for approximately 2 million accounts. The company currently has 77 million users.
T-Mobile has been sending messages to the customers to alert about the breach since Friday. But some customers said that the link in the text message appeared as phishing.
This is not the first time that such a security breach has been observed in the T-Mobile’s operation. Three months back, a security researcher found a similar flaw in a T-Mobile subdomain used by the staff. The bug lets anyone access customer’s private data by using just phone number. A similar vulnerability was investigated a few months ago in another T-Mobile system which also exposed customers’ email addresses, their billing account numbers etc.
Earlier this year, many mobile giants including T-Mobile have been ordered to stop sharing customer location data with any third parties. The rule came after Ron Wyden who has served in the United States Senate since 1996 criticized such companies for their practice.