T-Mobile's latest security debacle was apparently caused by a 'system glitch' rather than a hack
UPDATE: As expected, T-Mobile has released an official statement on the latest security matter involving the possible breach of some of its customers' private data, but unexpectedly, the "Un-carrier" is denying any kind of "cyberattack" took place here, instead blaming the issue on a "temporary system glitch."
Furthermore, Magenta is stressing that "fewer than 100 customers" had "limited account information" exposed to an... unspecified number of other users. That may not sound very serious for a wireless service provider with over 100 million subscribers in total, but T-Mo could still face dozens of lawsuits in the near future. General user confidence is also likely to continue to plummet as a consequence of this incident, no matter if it was indeed a hack or just a "system glitch." Our original story follows below.
##
Yes, Magenta seems to be facing a new data breach, and this one is actually different from all previous issues in one important (and weird) way. Instead of suspecting foul play on their own accounts or being informed by the nation-leading "Un-carrier" of a hacking incident after the fact, T-Mobile users are seeing with their own eyes how the sensitive data of other customers is compromised in real time.
How bad is this breach?
From a certain standpoint, it might be the worst one yet, as unsuspecting folks could be charged for payments they haven't authorized but other unsuspecting customers have. That's because the official T-Mobile app started giving some people access to other people's financial information last night, and worse yet, it appears that the same name and credit card was shown on multiple accounts, allowing more than one person to make a payment.
If that sounds like a lawsuit waiting to materialize, don't worry, it gets (even) worse. In addition to the above, the accounts that weirdly displayed the names and financial info of other people not connected to said accounts in any way also reportedly showed the full address, phone number, and email of this hack's victims.
While T-Mo should be able to cancel all unauthorized payments that will be identified as such after investigating the incident, that's the type of information you can't just give back or erase from a bad actor's database. The good news is a very small number of users appear to have been impacted by this "bug", which was largely fixed in a matter of hours.
What can you do to stay safe?
Unfortunately for longtime T-Mobile fans, it looks like the best solution in the long run might be to turn your back on the US 5G industry leader. While no carrier is completely immune to security issues and data breaches, Verizon and AT&T have had to deal with far fewer (and far less serious) incidents of this nature than their arch-rival in the past couple of years.
Strictly speaking about this particular ongoing debacle, chances are that you don't need to do anything. If you didn't notice any funky business in the "bill" section of your T-Mobile app (or simply haven't opened said app during the night between September 19 and 20), you should probably hope for the best and assume that you're not one of the very few people who had their data mixed up, replaced, or compromised.
It might also be wise for us all to wait and hear the operator's side of the story and explanation for the whole snafu before criticizing it too harshly. For now, we only have generic assurances from the official T-Mobile Help Twitter X channel that the "Un-carrier" will "get to the bottom" of the issue and "ensure everything" everyone is seeing in its app is "correct" and lawful.
Things that are NOT allowed: