T-Mobile Suffered Data Breach (Again) – 100 Million Customers Affected

T-Mobile has once again made the news after suffering another cyber attack. This time, the data breach drew attention after hackers put the data of 100 million T-Mobile customers up for sale.

T-Mobile Customers’ Data For Sale On Dark Web

According to Motherboard, a hacker group has put up a database of at least 100 million records belonging to T-Mobile customers for sale.

As its report explains, the seller didn’t mention T-Mobile’s name in the advertisement. However, the seller confirmed to Motherboard that the data belongs to T-Mobile, explaining that it was pilfered from multiple T-Mobile servers.

Earlier, a Twitter account seemingly linked with the hackers had disclosed the incident publicly. The Twitter handle “und0xxed” confirmed that the stolen database holds 36 million unique entries with customers’ personal details.

Later, the account stated that the dumped data includes roughly 100 million entries.

According to Motherboard, the seller has asked for 6 BTC for a subset of the data with 30 million entries (SSNs and driver’s licenses).

Further explaining things to Brian Krebs, “und0xxed” confirmed that the data belongs to T-Mobile USA only. The breach doesn’t affect “Sprint and other T-Mobile owned telecoms”.

As for the details, und0xxed told Krebs,

Prepaid customers usually are just phone number and IMEI and IMSI… Also, the collection of databases includes historical entries, and many phone numbers have 10 or 20 IMEIs attached to them over the years, and the service dates are provided. There’s also a database that includes credit card numbers with six digits of the cards obfuscated.

While it remains undisclosed how the incident happened, the attackers haven’t exactly tried to hide.

Briefly, the Twitter handle “und0xxed” claims to act as PR for another entity, “@IntelSecrets”, which identifies itself as “John Erin Binns”, whom US security agencies accused of developing the Mirai botnet variant Satori. While Binns fled to Turkey to avoid prosecution, he alleges that he was kidnapped after the CIA falsely portrayed him as a terrorist to Turkish authorities, eventually leading to his arrest.

T-Mobile Confirmed Data Breach

Following the reports of the data dump, T-Mobile eventually confirmed that it had suffered the breach.

“We have determined that unauthorized access to some T-Mobile data occurred.”

In its official statement, the firm said it had started investigating the matter. However, it denied any breach of users’ personal data, contrary to what the dumped data shows.

In addition, T-Mobile confirmed that it had contained the attackers’ access, something that the seller also confirmed to Motherboard.

For now, T-Mobile has not officially released any further details.

This isn’t the firm’s first security breach, though. T-Mobile appeared in the news in 2018, 2019, 2020, and even in early 2021 for data breaches. This is all in addition to the other security issues marring T-Mobile’s security stance.
