Chill Out and Check

Latest T-Mobile and AT&T Data Breach Related to Website Vulnerabilities

By Nitish Singh - August 25, 2018

Both T-Mobile and AT&T suffered data breaches leading to potential exposure of user PINs. Security researchers Ryan and Nicholas Ceraolo found the security flaws. The bugs allowed anyone to take a number from T-Mobile or AT&T and hijack the user's SIM card with the PIN.

T-Mobile recently experienced a data leak in its network platform API. The T-Mobile weakness was found in the carrier's link to the Apple online store, which enabled users to purchase T-Mobile connections for Apple iPhones and 4G iPads. Apple's online shopping portal allowed the carrier's users to guess the account PIN an unlimited number of times, instead of the set number of attempts allowed on other protected platforms. This allowed hackers to use hacking tools to run through all possible combinations and recover private account PINs.

[Figure 2: Image courtesy of BuzzFeed]

Once the right T-Mobile PIN has been identified, it could be used to hijack the user's SIM card and phone number, giving full access. Access to the PIN subsequently enables hackers to disable two-factor authentication, or to access private text messages, with a four-digit code.

Phobia and Convict also revealed that AT&T had a very similar vulnerability on a page that allowed users to file claims for insurance coverage. As with the T-Mobile exploit, hackers with access to an AT&T phone number could try as many 4-digit PINs as they wanted until the correct one was found.

Recently, Instagram suffered a similar data breach, with users reporting their accounts being compromised due to a shortcoming in how the two-factor authentication program functioned. Users of online services that rely on PIN-based authentication should use physical 2FA keys or temporary access keys as an additional layer of security to avoid data breaches. The telecoms have already fixed the vulnerabilities and are working to improve the security of the data.
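
The control both portals lacked, a cap on PIN guesses counted per phone number, is sketched below as an added example; it is not code from T-Mobile, AT&T or Apple. The class name, the limit of five failures, the 15-minute window and the sample number and PIN are assumptions chosen for illustration.

```python
import hmac
import time

MAX_FAILURES = 5            # assumed policy: failed guesses allowed per window
LOCKOUT_SECONDS = 15 * 60   # assumed window, measured from the first failure


class PinVerifier:
    """Checks account PINs; failures are counted per phone number, not per client."""

    def __init__(self, pins, clock=time.monotonic):
        self._pins = pins        # phone number -> PIN (constructed sample data)
        self._failures = {}      # phone number -> (count, time of first failure)
        self._clock = clock

    def check(self, number, guess):
        now = self._clock()
        count, since = self._failures.get(number, (0, now))
        if count and now - since >= LOCKOUT_SECONDS:
            count, since = 0, now        # window expired, start counting again
        if count >= MAX_FAILURES:
            return "locked"              # refuse without evaluating the guess
        expected = self._pins.get(number, "")
        # Constant-time comparison so timing does not leak matching digits.
        if expected and hmac.compare_digest(expected.encode(), guess.encode()):
            self._failures.pop(number, None)
            return "ok"
        self._failures[number] = (count + 1, since)
        return "denied"


def simulate_enumeration(verifier, number):
    """Walk 0000-9999 as the article describes; return (guesses evaluated, outcome)."""
    evaluated = 0
    for n in range(10_000):
        result = verifier.check(number, f"{n:04d}")
        if result == "locked":
            return evaluated, result
        evaluated += 1
        if result == "ok":
            return evaluated, result
    return evaluated, "denied"
```

With five guesses per window over a 10,000-value keyspace, a random guesser succeeds with probability 5/10,000 per window, instead of with certainty as on the unlimited portals.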