There was a vulnerability found.
T-Mobile classified it as “critical,” patched the bug and gave the researcher a $5,000 reward.
Hackers accessed customers’ sensitive information such as email addresses, billing account numbers, and their IMSI, the phone’s standardized unique number that identifies subscribers.
They also hijacked their phone numbers and tried stealing money from their banking accounts linked to those numbers.
TPRM report: https://scoringcyber.rankiteo.com/company/t-mobile
"id": "tmo18348622",
"linkid": "t-mobile",
"type": "Vulnerability",
"date": "02/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Telecommunications',
'name': 'T-Mobile',
'type': 'Telecommunications Company'}],
'attack_vector': 'Exploitation of Vulnerability',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['email addresses',
'billing account numbers',
'IMSI']},
'description': 'A critical vulnerability was exploited to access sensitive '
'customer information and hijack phone numbers, leading to '
'attempted theft from linked banking accounts.',
'impact': {'data_compromised': ['email addresses',
'billing account numbers',
'IMSI']},
'motivation': 'Financial Gain',
'threat_actor': 'Hackers',
'title': 'T-Mobile Data Breach and Account Hijacking',
'type': 'Data Breach, Account Hijacking',
'vulnerability_exploited': 'Critical vulnerability'}