

What should the victims do in the meantime? The company should have separated highly sensitive information from identification data such as addresses, names, and phone numbers.

Also, T-Mobile’s attack is a reminder that organizations should store highly sensitive data on a need-to-know basis to prevent potential internal threats. While T-Mobile is giving the victims two years of free identity protection, the company should have done more to protect its customers’ data, considering this isn’t the first time the mobile carrier has been targeted.

A classic solution is data partitioning.

The issue made the access point publicly available on the internet – all the actors had to do was find the gate. T-Mobile could have avoided the attack if the company had conducted a properly scoped penetration test and used internal network monitoring tools.

According to the hackers, this was a configuration problem on the access point the company uses for testing. A complex organization is generally its own worst enemy, with operational debt causing systematic accrual of risk.
Is T-Mobile to blame?

A data breach as massive as T-Mobile’s usually occurs because of a series of mistakes or an absence of security control. That’s especially true considering that T-Mobile wasn’t aware of the attack until the hackers posted it on the dark web. A malicious insider could have abused their privileges as an authorized user to carry out the attack against T-Mobile’s information systems.

And because the user is legitimate, it can be hard to detect these types of attacks. The attack could also have been instigated from inside the company.
The attackers could have used several methods, including password cracking software, password sniffers, and dictionary attacks, to hack into T-Mobile’s GGSN router.
While there are several attack vectors, the T-Mobile breach could have been a case of a brute force authentication attack against internal systems.

A brute force attack involves cracking credentials to guess usernames and passwords to gain unauthorized access to a system via trial and error.

The attack allows the actors to exploit the system vulnerabilities.

Attack vectors include e-mail attachments, pop-up windows, viruses, deception, chat rooms, and instant messages. What is an attack vector? Common attack vectors

An attack vector is a path that cybercriminals use to access a computer or network server to execute a payload with the intention of a malicious outcome. One of the supposed hackers by the pseudonym Anton Lyashevesky told Information Security Media Group that the hackers infiltrated T-Mobile after the company’s misconfigured Gateway GPRS Support Node (GGSN) was exposed on the internet.

According to Lyashevesky, the criminals pivoted to the company’s LAN before proceeding to over one hundred Oracle databases containing the user data.

Further, a tweet handle the information was extracted from multiple T-Mobile data centers named Titan and Polaris. The question is, how did hackers penetrate T-Mobile?

Even though the hackers’ identity remains shrouded in mystery, chats with the seller point to a vector attack. The records appeared for sale on a dark web forum, with the seller asking for 6 bitcoin (approximately $290,000 at the time of writing this).
According to Vice’s Motherboard magazine, the information includes Social Security numbers, account PINs, driver’s license numbers, names, and phone numbers. The compromised data is as sensitive as it could get. Preliminary analysis revealed that the breach affected nearly eight million current postpaid customers and forty million former or prospective clients who had applied for credit with the company. Mobile carrier T-Mobile suffered a massive data breach recently, the 5th such occurrence in the last four years.
