T-Mobile reported that its cyber-security team “discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities.” The data theft occurred in the morning on Monday, August 20, 2018.
According to Motherboard, the hackers exploited an internal API (application programming interface) on its servers that handled personal information.
The data from approximately 2 million people included:
- Billing address
- ZIP code
- Phone number
- Email address
- Account number
- Account type (prepaid or postpaid)
- Encrypted passwords