this post was submitted on 24 Dec 2023
330 points (99.4% liked)

Technology

59593 readers
3150 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 50 comments
sorted by: hot top controversial new old
[–] TornadoRex@lemmy.world 97 points 11 months ago (2 children)

T-Mobile owned companies and data breaches. Can you name a better duo?

[–] Chozo@kbin.social 21 points 11 months ago

I feel like Target has to be giving T-Mobile a run for their money in this field. It seems like I'm reading about a new Target data breach at least every other year.

[–] 01189998819991197253@infosec.pub 7 points 11 months ago (1 children)

Still a better love story than Twilight?

[–] GladiusB@lemmy.world 3 points 11 months ago

Vampires and not Twilight?

[–] Raiderkev@lemmy.world 36 points 11 months ago (1 children)

Fuckin great. I ran out of hotspot like a month ago while working remotely on a road trip. I needed hotspot right then /there, and my phone is on a family plan. Increasing my hotspot data meant I had to do it for the whole family plan and pay almost double the amount on the monthly bill. I thought I outsmarted the system by getting a mint mobile 3 month subscription for like $40 to just use for that trip... Aaaaaand my data's been breached... Cool..

[–] GhostMatter@lemmy.ca 5 points 11 months ago

The screenshot in the article said the reach was a few months old, last July.

[–] atmur@lemmy.world 29 points 11 months ago* (last edited 11 months ago) (3 children)

I jumped ship to another carrier right after they were bought out by T-Mobile and I've dodged ~~price hikes and now~~ data breaches. T-Mobile just ruins everything they touch.

[–] essteeyou@lemmy.world 18 points 11 months ago (3 children)

Price hikes? I just renewed for $250 for a year. I don't remember the exact price I paid the year before, but $250 is still incredibly cheap compared to most, isn't it?

[–] criticon@lemmy.ca 19 points 11 months ago (2 children)

My wife has been with Mint for 5 years now and there have not been any increases to her plan, on the contrary, they increased the data allowance in her tier

[–] henfredemars@infosec.pub 11 points 11 months ago

The numbers is the entire reason I remain with Mint. I liked Mint. T-mobile isn't a company I'd like to do business with and will switch away the moment I see an increase if there's a better offer elsewhere.

[–] Jayb151@lemmy.world 2 points 11 months ago

I've been with them for something like 7 years now. Started with 1gb of data, and now I get 4gb. I've never changed price tier as well. Over all really great service, bummer about the breach though.

[–] atmur@lemmy.world 6 points 11 months ago

Hmm, I think I might be mistaken on that then. I remember them announcing that they were nixing the $15 plan (which a couple of my family members were on), but it's still there. Maybe they reverted it, or it was just Reddit spreading nonsense information. I'll edit my comment.

[–] wreckedcarzz@lemmy.world 4 points 11 months ago* (last edited 11 months ago)

Eh, I have my folks on t-mo's $15/each for 3.5gb/unl/unl plan. My second line is with tello for $6/mo. $25/mo is cheap compared to my at&t business postpaid plan (phone + laptop + watch for ~$130 out the door), but if I wasn't going for features, I'd be right there with them for the $15 plan. I'd even go both lines from tello, but the difference between tmo qci6 and qci7 is brutal in my area, and often means data becomes completely unusable during the day. Over-subscribed towers. So t-mo MVNOs are a nogo for me, thus $15.

[–] twhite@lemmy.ml 7 points 11 months ago (1 children)

Jumped to where if you don't mind my asking?

[–] atmur@lemmy.world 13 points 11 months ago (2 children)

Tello. The service and price have been basically the same as pre-acquisition Mint. They also use T-Mobile's network but are not owned by them (...for now, at least.)

[–] 01189998819991197253@infosec.pub 8 points 11 months ago

I wasn't aware of their existence. Thank you. I see they're slightly less expensive than tmo's mint and don't require bulk buys, so that's nice.

[–] wreckedcarzz@lemmy.world 4 points 11 months ago (1 children)

Tello (and all* [except Google Fi's flex plan, and their most expensive plan] tmo MVNOs) run at qci7, or one peg below tmo direct customers* (except tmo essentials and those who go over their 'high speed data cap', which are at qci9 or 'the back of the bus'). This can mean virtually nothing in some areas, or it can mean that the tower you are on is so over subscribed/at capacity so hard that data becomes non-existant.

I have tello as a second line, where data isn't important. But my home area falls under the 'data is non-existant' category during the day, which is why they are my second line.

Just be cautious.

[–] Rolder@reddthat.com 1 points 11 months ago

These kinds of plans work great for when you are on Wi-Fi 99% of the time and you just need it for the 1%.

[–] pi3r8@lemmy.world 3 points 11 months ago (1 children)

What makes you so sure they didn't retain your data?

[–] atmur@lemmy.world 4 points 11 months ago

There's chance they did, but I didn't get any kind of announcement email about it. I also used an email alias for my old Mint account, so if I suddenly start getting spam emails to that address, I'll have my answer, lol

[–] 01189998819991197253@infosec.pub 22 points 11 months ago* (last edited 11 months ago) (1 children)

When the merger was first announced, my friend sent me a link to the Ryan Reynolds video of the announcement. I sent back, "cute vid. I sense a breach in our future lol"

I guess that 'lol' wasn't necessary...

[–] postmateDumbass@lemmy.world 6 points 11 months ago

I guess that ‘lol’ wasn’t necessary…

Everyone deals with pain differently

[–] RandomVideos@programming.dev 18 points 11 months ago (1 children)

The mint for desktop is much better than the mint for mobile

[–] chili1553@lemmy.world 2 points 11 months ago

I use Arch, btw

[–] jordanlund@lemmy.world 17 points 11 months ago (1 children)

"Once they gain access to the number, they can try to access the user's online accounts by performing password resets and receiving the OTP codes to get past multi-factor authentication."

Mint - "Can't bypass multi-factor authentication when you never implemented multi-factor authentication!"

[–] Taztrophe@kbin.social 6 points 11 months ago

Not sure when they added it but immediately after seeing this post I hit my account to change my password and confirmed Mint does offer 2FA using auth apps (I used Google Authenticator) so I activated it.

I expect this to replace the SMS codes they'd been sending me before and hopefully prevent what you're describing.

Would be nice if these big firms would stop serving us the breach du jour.

[–] 0110010001100010@lemmy.world 16 points 11 months ago (3 children)

Is it just me or has 2023 been the year of the data breach? Maybe they are just larger or more widely reported. Just seems like there have been a fuck-ton of them this past year.

[–] CaptainSpaceman@lemmy.world 9 points 11 months ago (1 children)

Hackers-for-hire on the darkweb is big business these days

[–] 0110010001100010@lemmy.world 11 points 11 months ago (2 children)

While true, I'm not convinced that fully explains it. Having been in IT nearly 2 decades I feel like the second piece is cybersecurity budgets getting slashed. A lot of them have been super-basic shit like someone clicking on a malicious link.

[–] PaupersSerenade@sh.itjust.works 5 points 11 months ago

Yeah, some youtube videos that cover basics and hiring a firm after a breech is pretty standard it feels.

[–] CaptainSpaceman@lemmy.world 3 points 11 months ago

Oh for sure, didnt mean to imply it was the only reason.

Spearphishing high-value targets, or even just phishing a company's email roster are very very common practices because they yield significant results.

Theres also the "insurance approach" to cybersecurity, where its cheaper to run PR for a little while and/or take out insurance policies against cyber attacks such as ransomware. The latter is a key factor as to why many companies dont mind paying the ransom at all.

[–] sbv@sh.itjust.works 4 points 11 months ago (1 children)

I bet 2024 will have more. More stuff is online and we don't seem to be getting any better at securing it.

[–] 0110010001100010@lemmy.world 8 points 11 months ago

I don't think the problem is "we" securing things (we being cybersecurity professionals). I think the problem is companies seeing that it's cheaper to take the PR hit, pay the ransom, pay for cybersecurity insurance, etc than it is to pay for a properly secured network.

Cybersecurity is hard (citation needed) and costs a lot of money (citation needed). If a company figures it's cheaper to have a breach and deal with the fallout than it is to properly secure shit I can promise you what will happen.

As always, follow the $$$.

[–] knobbysideup@sh.itjust.works 2 points 11 months ago (1 children)

Profit > Security. These companies don't care so long as the consequences don't affect profit significantly enough. Infosec is always an afterthought, if considered at all.

load more comments (1 replies)
[–] glacier@lemmy.blahaj.zone 7 points 11 months ago (1 children)

I switched to US Mobile a couple months ago and it has been a much better experience.

[–] QuarterSwede@lemmy.world 1 points 11 months ago

Hadn’t heard of them. Too bad their plans are complicated.

[–] martinb@lemmy.sdf.org 3 points 11 months ago

I thought they meant Linux Mint, the Debian derivative. Very confused until I read the comments.. perhaps I should read the article 😳

[–] ahriboy@lemmy.dbzer0.com 3 points 11 months ago (1 children)

Shit. My American Aunt and her family uses T-Mobile Family Plan.

[–] random65837@lemmy.world -1 points 11 months ago

TMO is breached yearly, Mint customers and TMO customers aren't the same thing, Mint is TMO's customer, not the individuals. Not the same databases. In the end, Mint doesn't have half the data on it's customers that actual TMO does on theirs.

[–] Dudewitbow@lemmy.zip 3 points 11 months ago

I got off mint last month so at the very least they cant port my number off when the number is no longer with them anymore.

[–] time_lord@lemmy.world 2 points 11 months ago

If I never got the email, does that mean I wasn't effected?

[–] Extrasvhx9he 2 points 11 months ago* (last edited 11 months ago) (1 children)

Fuck but I do have totp already enabled should I just change my password?

Edit: my paranoia got to me I'm gonna just reset my totp seeds and change my password. Some of the info was fake so that'll protect me a bit. Guess that's the best you can do for now

Edit 2: they made it a pain in the ass to change your password apparently now they favor only 20 characters max (rip my 35 character password). A nice warning on their website would've been really helpful

[–] Unaware7013@kbin.social 3 points 11 months ago

Edit 2: they made it a pain in the ass to change your password apparently now they favor only 20 characters max (rip my 35 character password).

That just screams they're not storing passwords properly. If you're salt+hashing your passwords, they could throw Hamlet into the password field and the only limit is how big the text entry field can be. The output is a fixed length string, so I put length should be immaterial.