Connect with us

Hi, what are you looking for?


Incident Response

T-Mobile Outage Mistaken for Massive DDoS Attack on U.S.

Wireless carrier T-Mobile on Monday suffered a major outage in the United States that impacted service at other carriers as well, and it ended up being reported as a “massive” distributed denial of service (DDoS) attack.

Wireless carrier T-Mobile on Monday suffered a major outage in the United States that impacted service at other carriers as well, and it ended up being reported as a “massive” distributed denial of service (DDoS) attack.

The incident started around noon and continued to impact T-Mobile’s network throughout the day, leaving millions without voice and text service. For some, data connectivity was also impacted.

Hours into the outage, T-Mobile President of Technology Neville Ray took it to Twitter to announce that the carrier was working on resolving the issue, which spurred a long wave of negative responses from discontent customers.

“Our engineers are working to resolve a voice and data issue that has been affecting customers around the country. We’re sorry for the inconvenience and hope to have this fixed shortly,” he said.

Other carriers were also affected by the incident, but reportedly blamed the experienced technical issues on the outage impacting T-Mobile’s network.

In a statement on late Monday, T-Mobile CEO Mike Sievert said that the issue impacted customers across the country, noting that, despite recovery efforts, it would still take several more hours to fully restore services.

“This is an IP traffic related issue that has created significant capacity issues in the network core throughout the day,” he revealed.

Advertisement. Scroll to continue reading.

According to Sievert, data services remained operational throughout the outage, but many users complained about their inability to access online services.

Some were quick to categorize the outage as a DDoS attack targeting major services in the United States, based on data from Digital Attack Map (an Arbor Networks service that monitors DDoS attacks) and outage aggregator Downdetector, and citing a tweet from @YourAnonCentral, which speculated on the source of the attack: “it may be China as the situation between South and North Korea is currently deteriorating.”

Matthew Prince, co-founder and CEO of Cloudflare, however, points out that the claims of the outage being caused by a DDoS attack are unsubstantiated, and says that the cited sources are unreliable (cybersecurity expert Marcus Hutchins does the same).

While DDoS attacks happen constantly, every day, there were no signs of a massive assault, based on the amount of traffic observed, and the fact that no major Internet service or platform reported anomalies, Prince notes.

“Except T-Mobile, which is having a bad day almost certainly entirely of their own team’s making. So, please, #hugops. And don’t worry, this is one thing that does not need to get added to the list of craziness that has been 2020,” he concludes.

FCC Chairman Ajit Pai has described the outage as “unacceptable” and says an investigation has been launched.

Related: Man Sentenced to 5 Years in Prison for DDoS Attacks

Related: NXNSAttack: New DNS Vulnerability Allows Big DDoS Attacks

Related: Hoaxcalls Botnet Expands Targets List, DDoS Capabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...