T-Mobile customers at heightened risk of phishing attacks in wake of data breach
Friday, January 20, 2023
Dr Ilia Kolochenko, founder of ImmuniWeb, warned that although critical financial data was not stolen in this data breach, the incident could still create significant risks for customers.
Access to customer names and email addresses could be harnessed by threat actors to conduct targeted phishing campaigns in the months to come.
“While the financial data of the customers is reportedly safe, the compromised billing details can be aptly exploited by cyber criminals for sophisticated spear phishing attacks aimed, amongst other things, to steal 2FA tokens from other systems,” he said.
API vulnerabilities rising
API vulnerabilities have escalated significantly in recent years as businesses globally continue to embed applications within their service offerings.
Research last year found that 95% of companies had encountered some form of API-related security incident between April 2021 and 2022. A similar study from Imperva revealed that API vulnerabilities cost businesses $75 billion (£60.6 billion) each year.
Gartner’s API Security and Management report last year predicted that, across 2023, APIs will become the most frequent attack vector for threat actors globally.
The consultancy also believes that more than half of data theft will come as a result of insecure or vulnerable APIs.
Kolochenko warned that unprotected APIs are “rapidly becoming one of the primary sources of disastrous data breaches” and creating serious challenges for global businesses.
“The situation is aggravated by shadow IT that now encompasses not only the forgotten, abandoned, or undocumented APIs and web services but also the full spectrum of accidentally exposed APIs from test and pre-production environments that may be hosted or managed by numerous third parties that have privileged access to sensitive corporate data,” he said.