T-Mobile customers' passwords could be vulnerable
After receiving several incredulous tweets about the apparent lack of security, another tweet from T-Mobile Austria basically said that its subscribers have nothing to worry about because "We secure all data very carefully, so there is not a thing to fear." It has been our experience that when someone tells you not to worry about something, it is time to start worrying. Same as when someone says "Believe me." Those two words are usually followed by the biggest lies.
T-Mobile Austria made a brief statement that tried to characterize this whole thing as a "misunderstanding" about how the carrier stores customer passwords and what is available to customer service reps. However, a quick call to T-Mobile revealed that customer service reps do have the ability to see the first four characters of your password not only in Austria, but also in the U.S. The rep that we spoke with told us that in the states, T-Mobile now wants your password to contain a minimum of six different numbers. However, the first four numbers will still be visible to T-Mobile customer service reps in the U.S.
Just a couple of hours ago, T-Mobile Austria tweeted out a new statement stating that there is no data breach at the carrier and it goes on to say that "databases are encrypted and secured," but that further security measures will be taken "as necessary." Check out the complete series of tweets in the slideshow below.
source: @tmobileat via Motherboard