T-Mobile says its customer records have been pillaged yet again. In a filing with the SEC, T-Mobile said it learned on Jan 5 that a "bad actor" abused an API to harvest names, billing addresses, phone numbers emails, dates of birth and T-Mobile account numbers on 37 million current postpaid and prepaid customers.

Perfect timing, too. There are only a few more days left for T-Mobile customers to claim their $25 or possibly more for T-Mobile's settlement from the breach last August, when they exposed similar data on at least 40 million current and former customers.

And to think this data was exposed despite T-Mobile saying as part of its settlement from last year's breach that they were going to invest $150 million into their own security infrastructure.

https://www.sec.gov/ix?doc=/Archives/edgar/data/0001283699/000119312523010949/d641142d8k.htm

https://www.cnet.com/tech/mobile/another-data-breach-has-hit-t-mobile-impacting-37-million-accounts/

The cat just went over to the HomePod mini on my desk, meowed at it, and Siri said "sure here is some music for you" and the cat perched on the window sill listening to Garbage and Elliott Smith.

I just want to know how long this has been going on.

Developers, PLEASE, for the love of all that is holy, don't disable pasting into password fields.

We all want to use more secure passwords, but if for some reason our password manager doesn't work with your site or app, having to 10-finger a long password is annoying.