New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

Reliability on our Phone Numbers Leaves Us All at Risk

T-Mobile suffered a data breach that was confirmed on Thursday in which no financial data nor social security numbers were compromised, but phone numbers were a part of the data that was accessed. Regularly, the general population does not think of their phone number as a valuable piece of personal information, but they have become more than just a means of communication. Companies and services as of late have been using smartphones as a tool to authenticate the user on multiple platforms–acting as the skeleton key for life online. Also, the United States does not offer a universal identification, so the Federal Government has also been storing phone numbers as a way to identify people due to the long-term nature of phone numbers.  Hackers are aware of these processes and have been exploiting them in attacks known as SIM swaps. When setting up two-factor authentication, codes are normally sent to the device of the user. In this case, they go directly into the hands of an attacker along with any texts or calls intended for the victim. In the past, it was discovered that people carrying out these attacks have others “on the inside” who work at cell phone stores that will transfer numbers for them. Unlike credit institutions, no changes or steps have been made to better secure issues involving personal information being stolen, and there won’t be unless the government itself mandates it. Until further action is taken, avoid using your phone number to sign-up or login to subscriptions and services.