Hackers swipe personal data from 2m T-Mobile customers

24 Aug 2018

T-Mobile storefront. Image: Helen89/Shutterstock

T-Mobile discovered that cyber-criminals stole personal information from customers earlier in August.

Facebook has removed its Onavo Protect VPN app from the App Store, as Apple said it violated its strict data collection rules. The app is still available for download on the Google Play Store.

Meanwhile, the theft of an unencrypted laptop belonging to Irish telecoms firm Eir saw the company report the breach to the Data Protection Commissioner, Helen Dixon.

Also in Europe, EU officials are still unhappy with how big tech firms are dealing with content from terrorist and extremist sources, so there may be tougher regulations ahead.

In global espionage news from earlier this week, Microsoft said it curbed attempts by Russian hackers to steal data from conservative think tanks in the US.

Read on for a selection of some of the week’s most intriguing enterprise stories.

T-Mobile hit by data breach

The cybersecurity team at T-Mobile said it discovered that hackers from an “international group” stole some customer data including names, email addresses, account numbers and other billing data. In positive news, the culprits did not manage to obtain credit card numbers, social security numbers or passwords.

The company said it detected “an unauthorised capture of some information” on 20 August. According to a spokesperson, the breach affected around 3pc of T-Mobile’s 77m customers.

US election whistleblower sentenced to five years

Former NSA contractor Reality Winner was sentenced to five years in prison for leaking documents related to the Russian hacking efforts around the 2016 US election.

The 63-month sentence was not a shock but many of her supporters argue it was harsh and that she was right to expose the targeting of US voting infrastructure.

Investigators found her when tiny microdots on the paper identified the classified document. These dots were able to identify the printer along with the time and date Winner used it. The document itself revealed details of a spear-phishing campaign carried out by the Kremlin.

23andMe prevents API access to DNA data

Genetic testing company 23andMe has informed developers that its API is being shuttered in two weeks, according to CNBC.

The API is in use by dozens of developers and has not been without controversy. In 2015, Wired reported on an app using it to block people from sites based on characteristics such as gender.

Raw data will still be available for research partners of 23andMe, such as pharma giant GlaxoSmithKline.

Russian trolls spread vaccine misinformation on Twitter

A study from George Washington University in Washington DC found that bots and Russian trolls spread false information about vaccines on Twitter. The researchers discovered the issue while trying to improve social media for public health workers.

The research, which was published in the American Journal of Public Health, found that several accounts played both sides in the vaccinations debate in a politically charged context. Some of the accounts belonged to malicious actors “with a range of hidden agendas”.

Troll accounts tweeted about vaccines approximately 22 times more often than the average Twitter user.

T-Mobile storefront. Image: Helen89/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com