SIM-swap: What is it and what does it have to do with the T-Mobile breach?
Bellevue, Washington - Last week, T-Mobile was hit by a huge hack in which data from over 50 million customers was stolen. Even though the breach was fixed, it didn't just give the hackers access to account data, but also allowed them to potentially take over connected accounts such as banking apps.
After its initial investigation, T-Mobile has acknowledged that a lot more customer data was stolen than previously thought.
Considering the company has 86 million combined pre- and post-paid customers in total across the country, this was a pretty hefty security failure.
T-Mobile also dealt with a data breach in December 2020, but this time there is growing concern that aside from access to Social Security Numbers and drivers license information, hackers also gained access to account PINs.
This could technically allow them to simply call T-Mobile and get a new SIM card made for any existing phone account. With the new SIM, they would then have access to everything the account holder receives through it, such as confirmation texts from a bank or investment account or two-factor authentication from any connected app.
CNet recommends immediately changing your account PIN on the T-Mobile portal to prevent this kind of "SIM swapping". If possible, switch any existing two-factor authorizations text messages to an app, such as Google Authenticator or Microsoft Authenticator, which don't rely on information coming through a SIM card.
Additionally, change up your security questions and passwords, and because any phone service is vulnerable to attack, immediately notify your phone company if you realize your SIM card or service has stopped working, as that can be a signal that your SIM was duplicated and is being used elsewhere.
Cover photo: 123RF/ joeppoulssen