Telecoms company T-Mobile has now confirmed that reports of a recent data breach are connected to notifications that went out to some of its customers, resulting in them being subject to insidious SIM swap attacks.

A spokesperson for T-Mobile discussed the situation with IT help site BleepingComputer, commenting:

“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed. Unauthorised SIM swaps are unfortunately a common industry-wide occurrence. However, this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.”

The prevalent problem of SIM hijacking

At present, T-Mobile has stated that it is not currently issuing information on how many of its customers were impacted or the exact method employed by threat actors to successfully execute the SIM swap attacks, also commonly referred to as SIM hijacking.

SIM swapping effectively enables attackers to take complete control of their victim’s mobile phone number by either bribing or tricking the carrier’s staff to reassign telephone numbers to SIM cards under the control of threat operators.

This allows the threat actors to then assume control of a person’s phone number and utilise it to get past any SMS-based two-factor authentication protocols, steal personal credentials, successfully log into a target’s personal bank account and steal money, or even hijack their accounts online by altering the passwords currently in use.

T-Mobile users urged to remain vigilant

T-Mobile customers are warned to now be on their guard and should keep a watchful eye on any suspicious emails or text messages that appear to be sent by the telecoms company. They are also advised against clicking on any links included in messages as these may be designed to lead customers to phishing sites where their credentials can be harvested. These bogus websites are designed to look exactly like authentic log-in pages and when a person adds their username and password into the fields provided, they are then subsequently stolen.

This is a common ploy adopted by many threat actors and cybercriminal gangs and can result in credentials being used to penetrate a company more deeply, or access an individual’s private accounts. In other cases, the data stolen is sold on to other cybercriminals on the dark web for use in their campaigns.

During the last four years, T-Mobile has been the target of numerous successful data breaches. Back in February 2021, the Telecoms firm was hit by attackers using an internal app at T-Mobile. Exceptionally similar to this recent strike, the attack resulted in SIM swap strikes on around 400 customers. In August of the same year, hackers used brute force tactics to reach the company’s network after acquiring access via compromised testing environments.

On its dedicated support page, T-Mobile has now provided information to all of its customers to help prevent any attempts at account takeover by threat actors.

Ensure that your enterprise has a comprehensive security solution offered by Galaxkey and all of your emails and data are secured. To make sure you are comfortable with the product before buying it, you can start a free 14-day trial.