After the cyberattacks on numerous companies, two more big players are now in the spotlight. Hackers are believed to have obtained over 100 million data records from T-Mobile customers in the USA. At Windows 365, on the other hand, login data was allegedly visible in plain text.
The reports do not stop. New cyberattacks and security breaches at renowned and globally active companies become known almost weekly. After LinkedIn, Spreadshirt and the Poly Network, Microsoft and T-Mobile have now also been affected.
Data records of 100 million T-Mobile customers captured?
As reported by the Reuters news agency, hackers are said to have captured the data of over 100 million T-Mobile customers in the USA. In turn, the criminals offered the data records for sale in an online forum.
In addition to names and addresses, the data records are said to include social security numbers, telephone numbers and driver’s license data. It is not yet clear whether German customers are also affected by the data leak. However, since T-Mobile USA operates independently of Deutsche Telekom, this is unlikely.
270,000 US dollars for 30 million data records?
As a reward, the anonymous sellers are demanding six bitcoin for 30 million data records. This is the equivalent of around 270,000 U.S. dollars and seems relatively low in the context of recent ransom sums.
To prove the seriousness of their threat, the fences already provided some data. The criminals want to sell the remaining data sets through private channels.
Meanwhile, a company spokesman for T-Mobile confirmed the suspicions. However, he could not give more precise details about the extent. If the figure of 100 million is confirmed, almost all T-Mobile customers in the USA would be affected.
Windows 365 login data visible in plain text
At relatively the same time, it became known that the login data for Microsoft’s new cloud service Windows 365 was allegedly visible in plain text. The service is primarily aimed at companies, which Microsoft actually promises high security standards.
However, IT security expert Benjamin Delpy, who was one of the first testers of Windows 365, discovered a glaring security hole. According to the blog Bleeping Computer, Delpy was able to read the login data of numerous users in plain text.
Although the data is normally encrypted, Delpy was able to decrypt it using a simple trick. Cybercriminals could exploit such vulnerabilities to illegally gain access and steal data records.
Microsoft wants to fix the vulnerability with corresponding security updates. However, it is still unclear when this will happen.