Overview
• T-Mobile accounts had been subject to SIM-swapping on at least 104 occasions throughout 2022.
• This type of hacking involves tricking a network provider into switching the account to a SIM under the hacker’s control.
• The FBI received 320 SIM-swap complaints between 2018 and 2020, and 1,611 complaints in 2021.
Details of T-Mobile Hackings
T-Mobile accounts were hacked more than 100 times during 2022, according to researchers from Krebs on Security. Known as SIM swapping, this form of hacking is done by tricking the network provider into switching the account to a SIM card that hackers have control over. This allows them access to text messaging codes which can be used for 2 Factor Authentication (2FA), giving them access to information such as financial or social media accounts tied to that phone number. Nicholas Truglia was sentenced to 18 months in prison for stealing $23.8 million in crypto via SIM swapping related to one victim, Michael Terpin.
Increase in Complaints
The FBI has reported an alarming increase in complaints regarding SIM swapping attacks over recent years; there were 320 reports between January 2018 and December 2020 compared with 1611 complaints reported in 2021 alone. It is thought that these numbers are just a fraction of the true scale of the problem due to other hacker groups using undisclosed Telegram channels or other carriers being involved in such activities.
Hacker Groups Using Telegram Channels
Researchers identified three distinct hacker groups operating within Telegram channels who advertised access to T-Mobile customer’s accounts through posts made within the platform. These groups remain anonymous so as not draw attention away from their activities; however logs from these channels tallied up at least 104 incidents until mid-May when researchers abandoned their count due to time constraints, indicating that there may have been many more incidents than first thought.
Tips for Counteracting Against Sim Swapping Attacks
To help prevent such attacks it is important for users protect themselves against sim swapping by securing their mobile phone account with strong passwords and setting up two factor authentication (2FA). Additionally they should ensure they are aware of any suspicious activity such as an unexpected change of number or unusual texts being sent out and report it immediately if they occurr