T-Mobile Data Breach: What You Need To Know

September 26, 2018
T-Mobile Data Breach: What You Need To Know

A highly publicized data security breach on T-Mobile was announced last week and Millions of users’ data might have been exposed.

T-Mobile confirms that there are encrypted passwords involved in the security breach. Their cyber-security team uncovered and eventually prevented further unauthorized access to their systems and immediately reported it to the authorities. This means that someone somewhere might have all those users’ personal information.

Regardless of the users’ account type – prepaid or postpaid – data was confirmed breached and possibly exposed. There are also several reports that the issue was due to a vulnerable API, or application programming interface, although it still remains uncertain. So, to breakdown the event based on facts, here’s what you need to know:

Who’s behind the cyber-attack?


  • The authorities did not name any specific group but a spokesperson from T-Mobile said that the hackers were from a known international group. The attack happened as early as August 20th.


How did they breach T-Mobile’s systems?


  • The cyber-attackers were able to take advantage of the weak internal API (Application Programming Interface) on T-Mobile’s servers that handles customers’ personal data.


How many T-Mobile customers got affected?

  • Close to 3 Million customers were affected, which translates to about 3-percent of T-Mobile’s 77-Million+ client base.

What customer information was compromised?

  • Customers’ Names
  • Customers’ Addresses / ZIP
  • Phone Numbers
  • Email Addresses
  • Customer Account Type
  • Credit Card/Billing InfoT-Mobile says NO.
  • Social Security InformationT-Mobile says NO.
  • Users’ PasswordsT-Mobile initially denied, but later said it might be included.

How to know if you’re affected?


  • Customers that were affected will receive a text message from T-Mobile which reads:

Hello—We ID’d & shut down an unauthorized capture of your info. No financial info/SSN taken but some personal info may have been. More: t-mo.co/security. Since T-Mobile was able to shut-down the attack, no need to worry. If you don’t’ receive any text message, chances are, you were not affected.


Should I change my password?

YES you should. You can change your T-Mobile password either online or in the mobile app. These are the requirements for new passwords:

  • Must be between 8-50 characters
  • Must include at least 1 number
  • Must include at least 1 letter
  • Can’t contain spaces
  • The last five passwords can’t be re-used


T-Mobile already issued a statement saying that the incident is regrettable and that they are deeply apologizing for whatever inconvenience this has caused their customers.

About the author

Leave a Reply