T-Mobile hack may have exposed data of 2 million customers

T-Mobile says that passwords may have also been accessed, though only in encrypted form.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture, Video Games, Breaking News
Sean Keane
2 min read
Portable device photo illustrations

T-Mobile fought off hackers on Monday, but customer data may have been exposed.


T-Mobile has revealed that hackers may have stolen the personal information of some of its customers.

The intrusion took place on Monday, and some customer data "may have been exposed" before the carrier's cybersecurity team shut off access and reported the breach to law enforcement, it said in a statement.

Around 3 percent of T-Mobile's 77 million customers -- more than 2 million people -- may have been affected, a company representative told Motherboard. Those people are being notified via text message.  

The data breach included customer names, billing zip codes, phone numbers, email addresses, account numbers and account types (prepaid or postpaid). Credit card numbers, social security numbers and passwords weren't accessed, the company initially said. 

However, a T-Mobile representative later clarified to CNET and Motherboard that "encrypted passwords" had been exposed. 

The company says that hackers couldn't actually read them -- since they were encrypted -- but Motherboard says that a pair of security researchers believe T-Mobile used the MD5 algorithm to protect them, a protection scheme whose own author declared it "no longer considered safe" back in 2012. 

T-Mobile wouldn't confirm whether it used MD5.

The company also suggested the hackers were "international," according to our sister site ZDNet.

The company has recently been working to rebuild its approach to customer service, with a nationwide launch of care centers aiming to offer more dedicated service, and has committed to building a nationwide 5G network by 2020. 

Update, 4:47p.m. PT: T-Mobile  clarified that hackers might have seen encrypted passwords, but not ones they could necessarily access or use.

Watch this: Plenty of Android phones came with vulnerabilities pre-installed

12 awesome cheap phones you can buy right now

See all photos