T-Mobile’s Recent Data Breach Was Related to SIM Swap Attacks

BY Chandraveer Mathur

Published 29 Dec 2021

Yesterday, T-Mobile reportedly detected unauthorized activity on some customer accounts. The carrier has now confirmed that “a very small number of customers” were indeed affected by SIM swap attacks, which triggered those unauthorized activity reports.

T-Mobile said it had informed the affected customers that they were victims of SIM swap attacks. A SIM swap attack, also called simjacking, SIM splitting, or Smishing, is a method to hijack peoples’ mobile phone numbers. In this case, T-Mobile employees were reportedly tricked or bribed into reassigning the victims’ phone numbers to SIM cards controlled by the attackers. In a statement to BleepingComputer, T-Mobile said:

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed.

Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.”

SIM swap attacks give the bad actors complete control of your phone number. So, any service that sends you login, verification, or reset codes via SMS and MMS can be taken over by the attackers. This means that the attack can be used to steal credentials, take over social media accounts, and even steal money from bank accounts. Such attacks are usually used to target cryptocurrency investors and adopters. Following a spike in the number of cases, the FBI even shared pointers to help defend against such attacks.

T-Mobile reportedly said it had dodged the bullet and corrected the underlying issue. However, it did not reveal how many customer accounts were compromised and how the bad actors executed the SIM swap attacks.

This is the seventh data breach that the carrier has disclosed since 2018. It is remarkably similar to another SIM swap attack in February 2021, when hackers targeted as many as 400 customers using an internal T-Mobile application to execute the attack.

According to the FBI, you can stay protected from such SIM swap attacks by following these tips:

  • Don’t leave personal information such as social security numbers and cryptocurrency keys in your email account. Also, avoid posting your phone number and similar details online.
  • Avoid posting details about your financial assets on social media.
  • Request your carrier (like T-Mobile) to place a PIN on your account that prevents unauthorized changes.
  • Request your carrier to append a note to your account, so any changes to it would have to be made in person.
  • Avoid reusing passwords across multiple accounts.
  • Prefer using an app like Google Smart Lock for iOS or Google Authenticator instead of relying on SMS verification codes when you set up two-factor authentication on any online account.

If you know of any other ways to stay safe from SIM swap attacks, share them with us in the comments section below!

[Via BleepingComputer]