JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Reconsidering Identity Security: The T Mobile® Breach



A week ago today another massive corporation was the target of a hacking attempt: telecom company, T Mobile®. The company was targeted by a reportedly “international” hacking group. The attack was successful, with almost 2 million T Mobile customers’ data compromised. That’s almost 3% of their customer base. The thought of such a breach sends chills down the spine. It’s times like these that one can only hope that companies start taking identity security seriously.

The T Mobile Breach

Hacked Information

Per their press release, T Mobile’s cyber-security team found that the hackers responsible for the August 20th breach made out with at least one or more of 2 million people’s “name, billing zip code, phone number, email address, account number, and account type” (T Mobile). Luckily, no credit card data was reportedly stolen, but something just as critical may have been.

The representatives from T Mobile claim that “no passwords were compromised.” This statement, however, is a sort of half truth. After their original release, the press team at T Mobile told the public that passwords were, in fact, stolen, but were all encrypted, and therefore, uncompromised.

As you likely know, not all encryption is created equal. The compromised-not-compromised passwords were supposedly encrypted using an outdated hashing algorithm, MD5, which was “no longer considered safe” by its creators in 2012 after the 6.4 million user LinkedIn hack. Even if the passwords were encrypted in a method that wasn’t the MD5 algorithm, experts say that the hashing method could be reverse engineered with a few larger hash samples from the T Mobile database (Motherboard).

Reconsidering Identity Security

Clearly, the whole situation with T Mobile is both a frightening and thought-provoking one. How can enterprises and individuals alike prevent something similar happening to them? Well, here at JumpCloud, we believe firmly in adopting strong password management principles and taking advantage of other identity security tools on the market, such as multi-factor authentication (MFA) or a zero trust security model.

It’s not just a passing phase, folks. If the T Mobile breach should teach us anything, it’s that these sort of breaches are almost a monthly (even weekly) occurrence. These days, your online identity is the gateway to, well, everything. Social security numbers, credit cards, sensitive company information. The list of “hackable” information goes on and on. If anything, most (if not everyone) should be incorporating MFA into their online accounts. According to Symantec, 80% of breaches could be eliminated by multi-factor authentication. Couple MFA with tighter password complexity requirements, biometrics, or perhaps an up-to-date hashing algorithm, and companies can dramatically decrease the chances of identity compromise.

If you are interested in implementing stronger security practices such as MFA at your organization, contact us to learn more.


Recent Posts
Use the JumpCloud Windows App now for easy, native, and secure password management for employees on Windows OS.

Blog

Introducing the JumpCloud Windows App for Workflow Simplicity and Security

Use the JumpCloud Windows App now for easy, native, and secure password management for employees on Windows OS.

Find a single identity and access management solution that supports all the authentication protocols you need. Try JumpCloud free today.

Blog

Which Protocols Should Be Used for IAM?

Find a single identity and access management solution that supports all the authentication protocols you need. Try JumpCloud free today.

Read this blog to see why a domainless approach to identity management is the future of IT, and how you can implement it easily in your environment.

Blog

Breaking Down the Domainless Enterprise

Read this blog to see why a domainless approach to identity management is the future of IT, and how you can implement it easily in your environment.