Are You a T-Mobile or AT&T Customer?

If you are a T-Mobile customer, there are three things that you need to do immediately.

• Change Your Password
• Change Your PIN
• Enable Two-Factor Authentication (2FA)

All of these measures will make sure that at least your account is safer from being compromised following the news of the massive data breach of the personal information of almost 55 million customers.

Being that your social security number, name, and mailing address were also possibly compromised, you may want to also begin to monitor your credit, if you are not already, and possibly lock your credit to avoid potential identity theft.

If you used the same password as your T-Mobile account on any other websites, you will want to also change those passwords too. The data stolen from T-Mobile has been offered up for sale on a data breach forum site which means it may soon be used in credential stuffing attacks.

AT&T Customer?

If you are an AT&T customer, you may want to take the same steps as there allegedly was a breach of the data of 70 million customers. The company denies that the data came from their systems but that does not rule out the possibility that the data was obtained through a third-party that does business with AT&T. As the saying goes, better safe than sorry!

What Is a Credential Stuffing Attack?

A credential stuffing attack is a type of attack when cyber-criminals take compromised usernames and passwords from a data breach and then try to log into accounts on other websites/platforms using those credentials. Recent examples of credential stuffing attacks are:

• Spotify has suffered a series of credential stuffing attacks against its user base between 2020 and 2021
• Ring[.com] and the compromise of accounts that did not have 2FA enabled which allowed attackers to access camera streams in 2019