Cybercrime groups allegedly breached T-Mobile security over 100 times in 2022

An analysis by security expert Brian Krebs found evidence that three different cybercrime groups, all of which sell stolen access to cell phone accounts, had breached T-Mobile’s security at least 100 different times in 2022.

Krebs tracked Telegram messaging channels used by the groups to find periods where they were able to sell access to stolen service via a method called SIM-swapping, which temporarily shifts a users’s account to a different SIM card.

Krebs determined that the groups had gained access to T-Mobile’s internal systems on at least 104 days in 2022–and that only represents data for seven and a half months of the year.

Breaches of this type allow for the temporary hijacking of a user’s phone number, including their ability to receive SMS messages. With a large and growing number of websites from Facebook to local banks relying on text messages to authenticate logins, this provides would-be intruders with a means to break into other accounts.

While T-Mobile declined Krebs request for a comment on what they were doing to reduce such breaches, he did note that in November and December of 2022 the cybercrime groups began complaining of decreased success, including fewer days where break-ins occurred and shorter periods of access.