The carrier’s response is worrisome.
Earlier this week, hackers breached T-Mobile’s systems, capturing information on users. Luckily, the company was quick to notice the breach, and quick to shut it down. In all, around 2 million customers have been affected by the breach.
The information which the hackers may have gained information to includes names, email addresses, account numbers and other billing information. Luckily, the company states that no payment information was exposed, meaning customers credit card numbers and social security numbers were not exposed.
Unfortunately, T-Mobile seems to be playing a game of semantics about if user’s passwords were exposed. In T-Mobile’s original release they stated that “no passwords were compromised”. Later, a spokesperson told Motherboard that “encrypted passwords” were included in the exposed data. Upon further inquiry from Motherboard, it was explained that the passwords weren’t compromised because they were encrypted. This really is a frightening response.
Encryption aids in security, but encryption can be broken. Two different security researchers who spoke with Motherboard believes the encryption used may be the “notoriously weak algorithm called MD5”.
T-Mobile has reached out to users who’s information was included in this breach via text message. We would strongly advise users to immediately update their passwords, no matter the advice given by the “uncarrier”.