T-Mobile discloses data breach after SIM swapping attacks

From bleepingcomputer.com

T-Mobile discloses data breach after SIM hijacking attacks

American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks.

SIM swap fraud (or SIM hijacking) allows scammers to take control of targets’ phone numbers after porting them using social engineering or after bribing mobile operator employees to a SIM controlled by the fraudsters.

Subsequently, they receive the victims’ messages and calls which allows for easily bypassing SMS-based multi-factor authentication (MFA), stealing user credentials, as well taking over the victims’ online service accounts.

The criminals can then log into the victims’ bank accounts to steal money, change account passwords, and even locking the victims out of their own accounts.

Read more…