T-Mobile does not have a good reputation when it comes to cybersecurity, and that’s about to get a whole lot worse.
T-Mobile has had multiple cybersecurity breaches over the last few years, impacting tens of millions of users and costing the company hundreds of millions in settlements. Unfortunately, that may be just the tip of the iceberg, according to a new report from Krebs on Security.
According to Krebs, three different hacker groups claim to have accessed the company’s internal systems:
“Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.”
The hackers’ goal was SIM-swapping, a term for when a hacker is able to gain control over a victim’s cellphone number.
The data regarding attacks was collected by monitoring various Telegram channels used by the hacker groups. The message “Tmobile up!” or “Tmo up!” was posted anytime a hacker successfully SIM-swapped a target.
Krebs initially planned on counting the instances for all of 2022, working backward from the end of the year. Unfortunately, the number of hacks racked up much faster than anticipated.
“But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary. The tally shows that in the last seven-and-a-half months of 2022, these groups collectively made SIM-swapping claims against T-Mobile on 104 separate days — often with multiple groups claiming access on the same days.”
It’s unclear why T-Mobile is suffering so many of these attacks. While there are similar efforts against Verizon and AT&T, the number of successful attempts is far lower. Some experts believe the magenta carrier is not doing enough to secure its systems.
“These breaches should not happen,” said Nicholas Weaver, a UC Berkeley researcher. “Because T-Mobile should have long ago issued all employees security keys and switched to security keys for the second factor. And because security keys provably block this style of attack.”
For its part, T-Mobile told Krebs it is combating the issue while also emphasizing it is an industry-wide problem.
“And we are constantly working to fight against it,” the statement reads. “We have continued to drive enhancements that further protect against unauthorized access, including enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps or services, and more. We are also focused on gathering threat intelligence data, like what you have shared, to help further strengthen these ongoing efforts.”
There is evidence to suggest the company is making progress, with the hacker groups complaining that their access after a successful swap is being severed much sooner than before. Some have even theorized that T-Mobile’s security team may be monitoring the Telegram channels.
While it’s encouraging to see T-Mobile is making progress, it’s still disturbing that the company is experiencing this many breaches.