Slashdot Mirror
Hackers Stole Personal Data of 2 Million T-Mobile Customers (vice.com)
On late Thursday, T-Mobile revealed that hackers stole some of the personal data of 2 million people in a new data breach. From a report: In a brief intrusion, hackers stole "some" customer data including names, email addresses, account numbers, and other billing information. The good news is that they did not get credit card numbers, social security numbers, or passwords, according to the company. In its announcement, T-Mobile said that its cybersecurity team detected an "unauthorized capture of some information" on Monday, Aug. 20. A company spokesperson told me that the breach affected "about" or "slightly less than" 3% of its 77 million customers.
Thank you for being a friend
Traveled down the road and back again
Your heart is true, you're a pal and a cosmonaut.
And if you threw a party
Invited everyone you ever knew
You would see the biggest gift would be from me
And the card attached would say, thank you for being a friend.
Thanks tmobile
Or is it "reckless company did not protect the data of millions"?
About time the blame is shared, no?
Since they have my account number and billing information, maybe they will pay my bill.
"Hackers Stole Personal Data of 2 Million T-Mobile Customers "
*checks servers*
I'm happy to report the data has been located, and returned to it's owners.
Does T-Mobile even have customers' social security numbers? Why??
Yes.
Easier and cheaper to steal it, rather than pay google for the information.
It is time, but I fear that many lawmakers (especially in the US) will never do anything which makes corporations actually liable for such things.
Maybe do the Yakuza thing with the CIO ... you get hacked, you lose a digit. Never hire a CIO missing a digit.
Far too many companies have far too lax security,and it really is time to make them bear the responsibility for it.
"some" customer data including names, email addresses, account numbers, and other billing information.
Maybe I'm just jaded, but judging by the catalogs I got in the mail, shoe companies (for example) that I'd never shopped at had at least this much information about me. In the nineties.
(OK, in all seriousness, yeah, possible social engineering attacks and all that. Though I must point out, even I don't know my account number ... )
As long as that is a word that is meaningless, nothing will happen. And this goes for political situations as well as anything else.
Basically, as long as they/you can get away with it, why would they/you care. There are three letter agenencies that have admitted to be doing illegal things. Nothing!
Now imagine that this would happen at T-Mobile Germany. Even before the GDPR heads would roll and not just some poor IT guy. I am sure that at least the COO would have to be looking for a new job. And even that would not mean the end of it. Politicians would get involved and not in any way to calm things or protect the company.
I often see people here citing laws, amendments and constitutions. As long as there is no accountability, they are as much of a plot device to tell a nice story as the three laws of robotics.
Don't fight for your country, if your country does not fight for you.
The good news is that they did not get credit card numbers, social security numbers, or passwords, according to the company
Way to spin a disaster... oh yeah, we got hacked... but they didn't get your Credit Card Number... BUT GOOD NEWS EVERYONE they just everything they need to know to sign you up for fake Credit Cards and otherwise fake your identity.
"That's the way to do it" - Punch
Catherine Zeta-Jones would say that this is, wait for it, wait for it...
Entrapment.
I'll show myself out now.
I mean, they only stored their passwords in plaintext, who could have seen this kind of data breach coming? Their security "was amazingly good" after all! https://twitter.com/tmobileat/...
I would have been gladly entraped by her... 30 years ago.
Is it "innocent woman raped by vile criminal scum"?
Or is it "reckless woman ["dressed provocatively","was asking for it","was a tease","bared her ankles","did not wear the burqa","did not say no"]?
Victim blaming is wrong in any case.
The data was copied.
I know its not in good taste to actually read the article, but...
The headline should read "T-Mobile in a break from most large corporation intrusions almost immediately detects and prevents breach in it's early stages protecting 97% of its customer data"
T-Mobile caught the hack the SAME DAY and stopped it at 3%. Then publically reported it 4 days later rather than waiting for their executive board to cash out. Unless more information comes out to the contrary this should be held up as an example of success where a large company finally mostly protects their/your data and honestly reports details quickly.
T-mobile wasn't "dressed provocatively", they just didn't want to pay for security. But congrats on the nice false equivalence.
Trust me. That joke wasn't in bad taste. I've literally had worse, and with a nasty lingering after effect.
Sincerely,
Michael Douglas
But now at least I’m a 3%-er... I got a text from T-Mobile last night, saying my info got stolen.
Wanna lay odds that “3%” will be trending strongly upward over the next few days and weeks, and that they’ll eventually have to announce that the intruders got more of each customers’ info than originally thought?
#DeleteChrome
they copied.
LOL, she's about a week older than me, so I'd still hit it in a heartbeat if Michael Douglas hadn't been all up in there recently.
By the time you're pushing 50, 'consenting' is the principal criteria, the rest is negotiable.
You young kids remember that, if you're a 6, you're never gonna bed a 10 unless your wallet is fat ... realistic expectations, no judgement, being nice ... and you'll get laid more.
That average looking woman might just be a freak in the sheets if you're nice to her and give her what she wants, whereas that super hot chick is probably has no interest whatsoever in you anyway.
All you whiny incels, get over it .. the problem isn't them, it's you ... it's always been you.
The hackers can have my publicly available ssid number - it's not a secret password to open credit lines like some banks lead the public to believe - my identity can't be stolen just because lots of people know my ssid because lots of people know my ssid
I think your logic circuits are broken.
This is absolutely a proper equivalence. A crime was committed against someone (in this case a company, and by extensions its customers) by a criminal (in this case a "hacker" rather than a rapist) who took what didn't belong to them.
Are you going to tell rape victims it's their fault because they weren't wearing a chastity belt? Such things ARE available, after all.
And remember...
Not matter how hot a chick is... There's someone. Somewhere. That's sick of her shit.
Bullshit!!
T-Mobile has a fucking market cap of $50 billion; they're not victims, they're incompetent idiots who didn't secure their servers.
The victims are the people whose information has been stolen and have to worry about identify theft.
The fault for this rests entirely with T-Mobile, if they're too lazy/cheap to have real security, that's on them. They've got a CIO, a CTO, and one assumes a whole slew of people who work in security ... time for those C-level people to be held accountable for this shit, because it's their responsibility.
Boo hoo, the multi-billion dollar company got hacked by the mean old hackers. Cry me a fucking river. But don't consider them victims in this scenario.
Its just as illegal to leave your car unattended with the keys in it, as it is to be the one stealing it. How is leaving customer data unprotected any less criminally negligent? Its past time to have the FBI publicly walk these CIO's out to the van in handcuffs. Security would miraculously be fixed almost overnight.
If this was an "absolutely proper equivalence", your car insurance company would gladly pay for your stolen car which you left in a bad neighborhood with the keys in the ignition. However, they do not. Are they "blaming the victim" too? No, just like in the case above, when a party shirks the responsibilities that are expected of them (lock the car, keep the keys, secure their service), they are partly liable.
+1, wrote almost the same thing above.
/ shaking a tiny fist.
There are Deutsche Telekom subsidiaries named T-Mobile active in a half-dozen countries. Which one had its data stolen? https://en.wikipedia.org/wiki/...
I must have missed the part of the story where Tmobile gave the server addresses and passwords to the hackers used to breach the service.
There's a big fucking difference between leaving keys in an unlocked car (which ANYONE could access and steal without first violating breaking and entering laws), but in this case, someone had to actually attempt to breach the servers in question using skills that not every Joe fucking Schmoe possesses.
We don't really know how they hacked it, but considering OSs and now even fucking CPUs are being hacked, how is a company possibly supposed to protect all their online data?
There's also a big fucking difference between someone who continuously argues a clearly ridiculous viewpoint and a troll.
Wait, no there isn't...
Well the fact that they had social security numbers and credit card numbers secured differently says they they did more than the past companies that got hacked.
The from address was spoofed and it appeared exactly as if it came from T Mobile. In fact the t-mobile phone displayed that message along with other legitimate text alerts from T-Mobile.
I knew enough not to click on the link provided, and called T-Mobile. It was not a legitimate message. But they hackers were able to spoof the from address in the SMS. It happened yesterday. Not sure if that is a fall out of stolen email id.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Not sure what lawmakers can do, its already against the law to hack and steal information. Pretty sure T-mobile had some set of security measures in place, they all have who have been hacked. Obviously we have seen hackers prove they can get past some pretty hefty security measures. The games for kids today entranced in technology is to make money using their brains, but clearly have no moral compass.
You must also have missed the part where the car owner told the thieves where the car was parked, I guess. Wait, there was no such part.
Also, are you tacitly making the argument that a drunk person asleep in a public place, whom ANYONE can undress and rape (because pulling off pants isn't a mad skill) is not a victim? Doesn't that go a bit against your own logic upthread?
You must be badly confused by all those "logic circuits" in that smart head of yours.
The troll is the person who labels viewpoints which don't align with their own as "ridiculous" and then engage in ad hominem towards those who hold said views.
Nice try, though.
Are they "blaming the victim" too?
Actually, yes, they are.
Leaving keys in your car isn't a crime; stealing a car, on the other hand, is a crime.
An insurance company isn't the law. Insurance is a contract with a private company into which you willfully enter, knowing the terms and conditions.
You're not going to jail for leaving the keys in the car. Try stealing a car where the keys were left in it, and see if the judge decides that you weren't at fault.
Leaving your keys in your car hurts nobody but yourself, and you rightfully deserve to get your car stolen for your stupidity. Did you commit a crime? No. Should the guy that stole your car get off? No. Is your insurance company going to replace your car? If they prove you left your keys in it, not a chance in hell.
Leaving your customers' private information on servers that you were too lazy, cheap, or incompetent (or all of the above) to secure hurts your customers, and you should rightfully be sued into oblivion for your incompetence. Did you commit a crime? No (at least, not under current law, and this is exactly the point of the top parent's post). Should the guy that stole your customers' info get off? No. Is your liability insurance company going to cover your losses due to your customers suing you into oblivion? If they prove your customers' data was stolen as a direct result of your incompetence, not a chance in hell.
but T-mobile throttled them at 50gb of downloaded data.
If not then where's the "news"?
"Consensus" in science is _always_ a political construct.
The US Office of Personnel Management managed to lose the entirety of my security clearance info to hackers. My former employer lost everything they had in my personnel file. Compared to that, this doesn't even register.
Both times I was offered a couple years of "credit monitoring" services. Screw that. I permanently (i.e. until I specifically tell them otherwise) froze my info with every credit reporting agency, and password-protected an account for tax filing with the IRS. I recommend everyone else do the same. Read Krebs on Security for more details about how and why.