The news is very recent and the details are still unclear.
Tim was the victim of an unspecified data leak. Company technicians found suspicious and anomalous activity on management systems. The company has sent an ad hoc communication to all the customers involved in the incident, whose nature and extent are unknown for now.
The problems involved the MyTim personal area. While the investigation is ongoing, let’s see what we know so far about the data leak involving Tim.
Tim and the data leak
The data leak that hit Tim concerns the MyTim personal area, as the company itself admitted.
But what happened? “Suspicious and anomalous activities on the management systems” were found. While we know nothing more about these possible criminal acts, more has been said about what was done immediately to stop them.
Investigations in progress
Once unauthorized access to personal areas was discovered, Tim promptly notified the customers involved by email.
The company then reported what happened to the competent authorities, as required by the European regulation for the protection of personal data (GDPR). All the procedures needed to accurately reconstruct what happened were started immediately.
The telco's technicians noticed the anomaly during routine security checks, which allowed Tim to quickly deactivate the credentials of the customers involved.
What is MyTim
The incident put at risk the privacy of customers who access MyTim, the reserved area where all subscribers can use a range of services. These include viewing and printing the invoices for their subscription and checking the currently active plan and all available offers, as well as opening a complaint and asking for assistance through different channels, including the virtual operator.
Regarding the very recent data leak, Tim said it had “already activated and strengthened all the necessary measures to stop this activity and prevent it from happening again, informing the competent authorities and the customers concerned”.
The company gives assurances that all payment data is still safe: “The data involved does not contain information that can enable payment functions”.
The credentials problem
After the data leak, Tim returned to the very sensitive issue of credentials. It did so with two statements: one addressed to users whose credentials have been attacked, the other extended to all its subscribers.
In the first, the Milan-based company informed customers involved in the data theft that “For your protection and to ensure the security of your information, we are taking steps to disable the MyTim credentials as a precaution, also used for access to some related Tim services (Tim Party, Tim Personal), making it mandatory to change the password at the first access to the private area”.
The advice addressed to the entire user base, by contrast, is the usual one, though it can never be repeated enough: take every precaution with the credentials chosen to access private areas.
The company says: “We consider it appropriate to recommend that you no longer use your old password, or a similar one, as well as change the password used to access any other online service, if it coincides with or is similar to the one previously used on MyTim.
On this occasion, we remind you, as suitable measures to prevent abuse or fraud, to carefully guard and never disclose the authentication credentials to portals or systems on the web, to use structured passwords (e.g. composed of numbers, uppercase and lowercase letters, special characters) to be changed periodically, to pay attention to phishing actions, to periodically update the software on your PC and mobile phone and to use an antivirus”.
T-Mobile data theft
Tim’s data leak follows T-Mobile’s by a few days, in which sensitive information from around 100 million people was stolen and resold on an online forum.
Clearly, stemming the problem requires the utmost care in how access credentials to private areas are used.
The importance of secure credentials
Tim said so, and we can only agree. Even though people often, out of laziness, choose the same password for countless restricted areas and forget to change it periodically, it is worth changing perspective and committing to a few decisive rules.
As we reported in another article, unfortunately 85% of Italians still do not use secure passwords, nor do they know how to check whether they have been compromised.