Multiple T-Mobile customers reported a concerning incident on X (formerly Twitter) this morning. They discovered that they were able to access other users’ account data, including sensitive information like current credit balance, purchase history, credit card details, and home addresses.
Upon receiving reports from customers, T-Mobile’s Help account on X quickly responded, stating that they were actively investigating the issue. To ensure the privacy and security of affected users, T-Mobile requested customers to send direct messages instead of sharing more information publicly on the platform, in order to avoid aggravating the problem. The company also made a post on its subreddit, reiterating the request for customers to refrain from sharing additional details.
As of now, T-Mobile has not provided any comment on the matter. The exact number of accounts impacted and the cause behind the glitch remain unknown. However, if this incident proves to be a security breach, it would mark the third cybersecurity attack that T-Mobile has faced this year alone.
The first breach occurred in January when T-Mobile revealed that a threat actor had gained unauthorized access to the personal information of approximately 37 million current postpaid and prepaid customer accounts. The breach had been ongoing since late November 2022, and T-Mobile advised affected customers to review their account information, update their PINs and passwords, and diligently monitor all account activity and credit reports. The company also recommended setting up fraud alerts and imposing a credit file freeze as additional security measures.
In May, T-Mobile disclosed another security breach which impacted 836 customers. Although account PINs were compromised, account information and call records remained unaffected. To address the situation, T-Mobile reset all account PINs and offered affected customers free credit monitoring and identity theft detection via Transunion myTrueIdentity for the following two years.
T-Mobile’s response to the current incident is yet to be seen, but their previous experiences with cybersecurity attacks emphasize the importance of swift action and robust security measures to safeguard customer data.
