T-Mobile announced on Thursday evening that they were the target of a hack that they promptly shut down on August 20th. In the press release, T-Mobile stated that financial information and social security numbers were not stolen, however exposed data “may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid).”
While T-Mobile claims that passwords weren’t compromised (only the encrypted hashes), according to this article, the passwords may have been weakly encrypted and potentially discovered with a brute force attack.
Lessons of the past tell us that, even if you weren’t one of the 20 million customers supposedly involved, you should assume that you are. Go to T-Mobile’s website and change your password immediately – and remember, don’t use the same password anywhere else! I highly recommend using a password manager, such as LastPass, to generate and save secure passwords.
When I tried to login to my T-Mobile account, it forced me to update my password before proceeding so it should do that with you as well. Stay safe!