A hacker claims to have breached T-Mobile’s servers and stolen a database containing the personal data of about 100 million customers.
The alleged data breach first surfaced on a hacking forum yesterday after hackers claimed to have sold a database containing the birth dates, driver’s license numbers and Social Security numbers of 30 million people for 6 bitcoins (about $280,000).
Forum post on selling T-Mobile data
While the forum post didn’t say where the data came from, the threat actors said they obtained the data from T-Mobile in a massive server breach.
The attackers claimed to have breached T-Mobile’s production, login and development servers two weeks ago, including an Oracle database server containing customer data.
The stolen data allegedly contained data on approximately 100 million T-Mobile customers, possibly including each customer’s:
IMSI
IMEI
phone number
customer’s name
security PIN
Social Security number
driver’s license number
date of birth
“Their entire IMEI historical database dating back to 2004 was stolen,” the hacker revealed.
IMEI (International Mobile Equipment Identity) is a unique number used to identify a mobile phone, while IMSI (International Mobile Subscriber Identity) is a unique number associated with a user on a cellular network.
Cybersecurity intelligence firm Cyble revealed yesterday that attackers claimed to have stolen multiple databases totaling around 106GB of data, including T-Mobile’s customer relationship management (CRM) database.
Motherboard, the technology news outlet that first reported the breach, said it can verify that data samples provided by the threat actors belong to T-Mobile customers. When asked if they had tried to ransom the stolen data back to T-Mobile, the threat actors said they never contacted the company and decided to sell the data on forums where they already had interested buyers.
We have reached out to T-Mobile but have not yet received a response to our inquiry. However, Motherboard received a response, and T-Mobile said they were investigating the alleged data breach. “We are aware of the claims made on the underground forum and have been actively investigating their validity. We do not have any other information to share at this time.”
T-Mobile hacked in retaliation
The hackers told Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, that they carried out the hack to disrupt U.S. infrastructure.
“This breach is in retaliation for the US CIA and Turkish intelligence agents who kidnapped and tortured John Erin Binns – CIA Raven-1 in Germany in 2019,” the threat actors told Gal in a conversation.
“We are doing this to damage American infrastructure.”
John Erin Binns, a resident of Turkey, sued the FBI, CIA and Department of Justice in 2020. The complaint alleges that Binns was tortured and harassed by the U.S. and Turkish governments, and it sought to compel the U.S. to release documents about those activities under the Freedom of Information Act.