The attack was discovered on August 20 and they were able to quickly shut down the attack. The attackers however netted over two million records that consist of customers’ personal information that include their names, phone numbers, type of plan, email address and account numbers.

That’s the bad news. The good news according to T-Mobile is that the attackers weren’t able to get away with important financial information like credit card numbers, passwords and social security numbers. However, they recently mentioned to CNET and Motherboard that some passwords may have been stolen but in encrypted form.

T-Mobile immediately notified those affected with SMS messages, phone calls, emails and snail mail and encourages customers to contact them back to advise them of necessary steps to protect themselves.

We take the security of your information very seriously and have a number of safeguards to protect your personal information… We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you.

–T-Mobile spokesperson

Fortunately, one of those safeguards may be to keep the financial information on a separate server or database, otherwise, the perpetrators who are suspected to be from outside the United States, could have gotten away with much more. Another of those safeguards fortunately is encryption so T-Mobile is confident that the hackers won’t be able to read the stolen information.

However, T-Mobile’s encryption scheme is still in question according to some security researchers. They believe that T-Mobile is employing an MD5 algorithm for their encryption, which the company doesn’t confirm. MD5 is apparently an outdated algorithm no longer considered safe since way back 2012.

Hackers worth their salt might be able to break such encryption especially as some news sites have already outed the suspected algorithm. Thus, it’s best for the affected T-Mobile customers to take appropriate steps to increase their security or be aware of cyberthreats especially through email; or for T-Mobile to ensure that nothing suspicious reaches those two million affected customers through their messaging services.

T-Mobile is certain that nothing else outside the mentioned personal info was stolen, but those that were, remain significant (especially email addresses) in order for hackers to perform some identity theft or to at least sell the information to various marketing and advertising companies especially those dubious enough to perform spamming and phishing attempts.

Unfortunately for those two million victims, they may have to put up with a lot of spam for Viagra, Russian girls, credit applications and Nigerian royalty. They would also need to watch out for annoying telemarketers and robo-calls every other Tuesday. Their best bet short of junking their current plans, is to change their numbers immediately.

The post 2 Million T-Mobile Customers Should Brace for Spam and Robocalls appeared first on Hack Ware News.