Two major tech companies are reporting security breaches.
T-Mobile says they determined a “single bad actor” accessed the information of 37 million customers. The company says the hacker first got into accounts at the end of November, but they didn’t detect the breach until the first week of January. The company says once they discovered the intrusion, they were able to shut it down within 24 hours.
According to T-Mobile, “Our systems and policies prevented the most sensitive types of customer information from being accessed, and as a result, customer accounts and finances should not be put at risk directly by this event. There is also no evidence that the bad actor breached or compromised T-Mobile’s network or systems.”
The company does admit the hackers obtained other information, including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features.
T-Mobile said it was in the process of notifying affected customers and would continue to make security improvements in its system.
Even more alarming, NortonLifelock reports that its password manager fell victim to an attack by hackers. In a message sent to users with affected accounts, the company said, “Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account.”
The company says hackers bought username and password combinations on the Dark Web and then used them to attempt to break into password manager accounts. The company was alerted when they noticed a large number of failed log in attempts to the password manger. If you use the same password and username combinations for your password manager that you use for other accounts, hackers could be able to easily log into your accounts.
The company encouraged all users to make sure they enable multi-factor authentication on their accounts and to monitor their credit reports.