Compromised API led to data theft of 37 million T-Mobile customers
Friday, January 20, 2023
An API lets a product or service communicate with other products and services, but as Red Hat notes, APIs also allow organizations to share data with customers and other external users. IBM points out that an API allows users to log in to several sites using their Google or Twitter credentials, and travel booking sites to aggregate thousands of flights. However, F5 Networks writes that APIs have to be secured from injection, cross-site scripting, man-in-the-middle and other attacks through strong authentication.
Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network, said that unprotected APIs are rapidly becoming one of the primary sources of disastrous data breaches. “The situation is aggravated by shadow IT that now encompasses not only the forgotten, abandoned, or undocumented APIs and web services but also the full spectrum of accidentally exposed APIs from test and pre-production environments that may be hosted or managed by numerous third parties that have privileged access to sensitive corporate data.”
Given that the exfiltration of 37 million customer records was not detected and blocked by the anomaly detection system, he suspects the breached API belonged to the unknown and thus unprotected shadow assets.
While the financial data of the customers is reportedly safe, he added, what the hacker got can be used by cybercriminals for sophisticated spear phishing attacks.
“In view of the previous security incidents implicating T-Mobile,” he also said, “legal consequences for this data breach may be pretty harsh – courts and regulators will be unlikely to be lenient when considering monetary and other available sanctions.”