Updated: Feb 6
We see it time and time again. As reported just a few weeks ago, T-Mobile said in one of its recent filings that a treasure trove of its customers’ personal data was accessed by hackers. It’s apparently the eighth time some form of breach took place at T-Mobile. And although we hear of this type of attack often, especially among large companies, our mindset surrounding how assets actually become exposed isn’t necessarily cut and dry. Cybercriminals often “get it” via avenues that don’t start with hacking your organization in order to gain access to your organization’s data.
This T-Mobile article is a great example of this “indirect” access for hackers. It stands as a clear illustration that exposed assets don’t always have to be the ultimate victim’s assets. The company said that names, billing addresses, email addresses, phone numbers, birth dates, account numbers and plan information were stolen beginning November 25, 2022. According to T-Mobile, it took the company about a month before they discovered the breach. They also said it took just one day to fix the issue the criminal(s) were exploiting.
It turns out, as the article states, the hackers actually abused an application programming interface (API) -- a type of software interface that offers a service to other pieces of software that’s often controlled by others. It’s how literally countless software solutions operate today. Also, just a couple days ago, it was reported that Google Fi just sent a message to its customers surrounding a data breach that is likely related to the T-Mobile incident.
Google Fi said that its “primary network provider” informed them there had been suspicious activities within a third-party support system that housed some customer data. That’s a basic yet important example of the chain reaction that can either be intentional or unintentional from the criminal’s perspective. But the result is the same – it’s a breach that companies and customers have to then deal with and remediate. It must be noted, however, that there is no official confirmation yet linking these two breaches.
The irony is that data breaches like this are sometimes accompanied by company statements that declare that no breach of any corporate system or network took place. In other words, the stealing of the data came about from third-party assets. Assets outside one’s control now consistently lead to major headaches and reputational dings. This underscores the need to have the proper visibility that can warn you immediately that something that was not exposed yesterday is now exposed – giving you the opportunity to either dramatically minimize a breach or stop it altogether before the crooks are successful. That’s why identity threat detection and response (ITDR) is quickly making its way to the top of C-levels’ IT priorities.
To learn more about AuthMind’s unmatched visibility and schedule a quick demo, contact us today.