T-Mobile US systems were hacked this week, the cellular giant confirmed in a brief note on its website this week.
The break-in was spotted on August 20 by the firm's cyber-security team, it said, and the miscreants booted out same day.
"Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information," T-Mobile US warned.
According to Vice magazine's tech news offshoot Motherboard, the invading miscreants were able to potentially access information on about two million customers – 3 per cent of T-Mobile US's subscribers.
The US telco said none of the customers' financial data nor social security numbers were lifted, and no plaintext passwords were leaked – although we gather that hashed passwords were exposed to the hackers.
"You should know that some of your personal information may have been exposed, which may have included one or more of the following: name, billing zip code, phone number, email address, account number and account type (prepaid or postpaid)," the carrier told its subscribers.
T-Mo added that it had reported the cyber-intrusion to the "authorities", without specifying who those authorities were. The security breach was caused when "an international group" of hackers accessed a server through an API which was said not to have any "very sensitive data" available through it.
"As a reminder, it's always a good idea to regularly change account passwords," it chirpily added.
EE, which absorbed T-Mo's UK operations, confirmed to El Reg that no Brits were affected. ®