If the FBI finds that the individual or group responsible did access information through T-Mobile’s API that it wasn’t authorized to obtain, it could result in criminal charges brought under the Computer Fraud and Abuse Act, the federal anti-hacking statute that is somewhat controversial.Īny charges brought would require proof that T-Mobile sustained some kind of financial loss in excess of $5,000, which it could prove by simply stating that it paid employees about that much to respond to the data breach. T-Mobile says it is working with law enforcement, including the Federal Bureau of Information, which has some jurisdiction over Internet-based compromises of data. On average, the person or group was able to obtain data from around 902,000 accounts each day for that 41-day period. What is known is that the person or group T-Mobile is calling a “bad actor” first started accessing the company’s API and collecting data around November 25 of last year, and continued accessing the API and collecting data until the company became aware of the practice on January 5. It could have also been part of T-Mobile’s external sales efforts, where some customer information is sold to third parties for purposes of marketing sand advertising. It could have been connected to social media-based customer service, where users are asked to authenticate themselves as a T-Mobile subscriber when seeking help through Twitter and Facebook. T-Mobile hasn’t explained why non-sensitive customer information like names, home addresses and phone numbers were available through an API, but it could have been for any number of reasons.
The changes essentially broke TweetBot and Twitterific, because they were prohibited from accessing the key parts of Twitter through the API that they needed to access in order to make the applications work. The API allowed TweetBot and Twitterific to interact and connect with various parts of Twitter’s website and servers, until Twitter decided recently to change who could access its API and for what purpose.
#T mobile got hacked software#
A good example of this at play can be found at Twitter: For years, the company offered an API that allowed developers like Tapbots and the Iconfactory to develop TweetBot and Twitterific - software that allowed users to send tweets, read messages and perform other functions associated with the Twitter website. Simply put, APIs allow developers to access certain parts of another website or service when they’re building out their own applications. In a filing with the Securities and Exchange Commission last week, a T-Mobile executive wrote that the “bad actor” - who may have acted alone, or might be connected to a larger group - used an application programming interface (API) to access some customer data in a way that went beyond what the company intended. The “bad actor” that T-Mobile blamed for the incident simply exploited a door that T-Mobile left open for some legitimate purposes, and used it to harvest data of millions of customers (who, themselves, were not hacked, despite CNN’s headline).
The latest security incident generated headlines coloring the episode as an “attack,” leading many to believe that T-Mobile was on the receiving end of compromise similar in nature to what the phone company has faced over the last several years.ĪBC News wrote that T-Mobile was “breached by hackers,” while Red Ventures website CNET - which has faced some scrutiny for using robots to write stories - claimed T-Mobile got “hacked again.” USA Today characterized the incident as a “hack,” too, and CNN’s headline went so far as to state that the 37 million customers themselves were “hacked.”īut the latest security incident involving T-Mobile and its 37 million customers was not a hack in the conventional sense. The incident, which involved a person or group accessing non-personal information of about 37 million customers, was compared to previous security breaches in which T-Mobile found itself the victim of several large-scale cyberattacks that resulted in serious, sensitive customer information leaked on the Internet, one that triggered at least two class action lawsuits against the company. (Photo courtesy T-Mobile US/Deutsche Telekom, Graphic by The Desk)Ī security breach involving T-Mobile generated a significant amount of media coverage last week after the wireless phone provider acknowledged the incident with a public statement. An engineer climbs a wireless network tower.
0 kommentar(er)
