Tell HN: T-Mobile breach- double fuck up

50 points

3 years ago

I work for Metro by T-Mobile. Our store computers run thin clients operated by T-Mobile and the internal account management software EDGE fucked up the internal memo disclosing the recent data breach.

Upon accessing a cx account today I see the following memo: ———— High Priority Memo | Created by 11111 on 20-Jan-2023) Customer received the following SMS notification: IMPORTANT: Some of your account information was obtained without authorization. Passwords, SSN, payment methods were NOT affected. Your name, # of lines, contact details and other account information may have been. Learn more: metro-tmo.co/CustInfo. See https://www.metrocare-agent.com/announcements/<Redacted>… ————

First off, “metro-tmo.co” is a spam domain that isn’t owned or operated by T-Mobile. Not only could the person who wrote this memo fail to write complete English sentences, but they fail to link the correct domain to the announcement regarding their own data breach. as of this current moment, their internal account memo system continues to link this incorrect spam link. and to make matters worse, they even sent this spam domain to potentially millions of customers phones via sms.

26 comments