Excerpt from TheRegister Article – Published on Sep25, 2023
T-Mobile US encountered another challenging week on the cybersecurity front as a system glitch inadvertently exposed customer account data, sparking concerns of a possible breach. Numerous customers reported on platforms like Reddit that the T-Mobile app displayed the personal data of other users, including purchase histories, credit card information, and addresses.
Given T-Mobile’s history of security incidents, many initially suspected a cyberattack. However, T-Mobile promptly clarified that the issue stemmed from a temporary system glitch tied to a planned technology update. They assured the public that the glitch impacted fewer than 100 customers and was swiftly resolved. It’s worth noting that although T-Mobile acknowledged fewer than 100 customers had their data exposed, more individuals could view this sensitive information due to the glitch.
In a separate development, allegations of a breach surfaced via malware repository vx-underground’s Twitter account. T-Mobile’s investigation traced the exposed data back to Connectivity Source, an independently owned T-Mobile dealer, which had suffered a breach in April, compromising employee data, including names and social security numbers. Despite these security challenges, T-Mobile’s business remained resilient, posting increased profits amid ongoing layoffs to maintain financial stability.
In the wider cybersecurity landscape, critical vulnerabilities emerged, prompting updates from organizations like Gitlab and Atlassian. Operational technology (OT) vulnerabilities in products from Rockwell Automation, Real Time Automation, and Siemens Spectrum Power 7 also came to light.
Additionally, security researchers uncovered a deceptive proof of concept (PoC) for a WinRAR vulnerability, highlighting the risks of downloading PoCs from unverified sources. Cyber insurance firm Coalition reported a significant surge in ransomware claims, with ransom demands increasing. Organizations were urged to prioritize cybersecurity defenses and risk management.
Lastly, Sophos issued a warning about a variant of the pig butchering scam targeting cryptocurrency liquidity mining, revealing that scammers had reaped over $1 million in a mere three months through this scheme. As the cybersecurity landscape evolves, vigilance remains paramount for safeguarding data and assets, both for organizations and individuals.
To delve deeper into this topic, please read the full article on TheRegister.