T-Mobile customers' passwords could be vulnerable

In this age where 87 million Facebook users had their profiles used without permission, you might expect that carriers around the world would be super protective of their subscribers' personal information. But a series of tweets from T-Mobile Austria indicates that the wireless operator gives customer service reps the first four characters of customers' passwords and that the whole password is stored in plaintext. If a hacker (let's call him Johnny Badappleseed) has the tech to come up with the rest of the password using brute force or just makes a lucky guess, Mr. Badappleseed could make changes to the customer's account without permission. We already know what could happen in a situation like that. And if there is a complete data breach, all of T-Mobile Austria's customers could find their passwords strewn all over the internet.

After receiving several incredulous tweets about the apparent lack of security, another tweet from T-Mobile Austria basically said that its subscribers have nothing to worry about because "We secure all data very carefully, so there is not a thing to fear." It has been our experience that when someone tells you not to worry about something, it is time to start worrying. Same as when someone says "Believe me." Those two words are usually followed by the biggest lies.

T-Mobile Austria made a brief statement that tried to characterize this whole thing as a "misunderstanding" about how the carrier stores customer passwords and what is available to customer service reps. However, a quick call to T-Mobile revealed that customer service reps do have the ability to see the first four characters of your password not only in Austria, but also in the U.S. The rep that we spoke with told us that in the States, T-Mobile now wants your password to contain a minimum of six different numbers. However, the first four numbers will still be visible to T-Mobile customer service reps in the U.S.

Just a couple of hours ago, T-Mobile Austria tweeted a new statement saying that there is no data breach at the carrier. It goes on to say that "databases are encrypted and secured," but that further security measures will be taken "as necessary."


source: @tmobileat via Motherboard
