T-Mobile recently revealed that hackers managed to use an application programming interface (API) to gain access to sensitive data from millions of accounts. According to the company, about 37 million customers were impacted by the security breach, which occurred in mid-August.
Through their investigation, T-Mobile determined that hackers were able to obtain customers' account details, including email addresses, phone numbers and passwords. They were also able to access other pieces of personally identifiable information (PII). However, bank account information and Social Security numbers were not affected.
The cell phone service provider believes the attackers obtained access to the API by exploiting a misconfigured security setting. T-Mobile has since taken measures to strengthen the security of its application programming interface.
Regardless of the attack vector, data breaches can have significant consequences for both victims and businesses. Consumers may be left vulnerable to identity theft and fraud, while companies may have to grapple with loss of reputation and financial losses.
Businesses should strive to stay abreast of the latest cybersecurity threats and adopt measures to protect their networks from attack. This includes monitoring application programming interfaces, ensuring proper security configuration and providing employees with up-to-date cybersecurity training. Doing so can help organizations reduce their risk of a data breach and protect their customers' sensitive data.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 24 Jan 2023 03:31:02 +0000