Hackers selling data on 100M T-Mobile customers after server attack
T-Mobile is looking into a breach of its servers that has apparently resulted in harvested data on over 100 million customers being sold on a hacker forum.
On Sunday, T-Mobile confirmed it was investigating a post on a hacker forum claiming to sell a cache of data relating to its customers. The poster claims to have acquired data on over 100 million people, taken from servers operated by the carrier.
The data stems from "T-Mobile USA. Full customer info," the forum poster told Motherboard, adding that multiple servers were compromised to get it.
The trove of data appears to consist of names, phone numbers, physical addresses, IMEI numbers, driver license information, and social security numbers. Samples obtained in reports appear to be genuine.
According to cybersecurity firm Cyble speaking to BleepingComputer, the attacker claims to have stolen multiple databases, acquiring some 106GB of data in the process.
The seller was openly offering data on 30 million social security numbers and driver licenses via the forum, requesting 6 bitcoin ($283,000) for the trove. They said the rest of the data is being sold privately through other deals.
It is believed that T-Mobile knows about the intrusion, as the seller said "I think they already found out because we lost access to the backdoored servers."
In its statement, T-Mobile says it is "aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time."
The hack is the latest for the carrier, and probably the biggest it has suffered so far. In 2018, a breach saw data on 2 million customers swiped, followed by another breach in 2019.
With some 104.8 million subscribers as of Q2 2021, the latest breach may have theoretically affected almost all of T-Mobile's customers.
Read on AppleInsider
Comments
Between all the differing hacks over the years, your info sits in some database for sale.
Cannot believe that anyone would be stupid enough to give a Social Security number for a cell phone.
T-Mobile's definition of security is forcing people to change their passwords about every other month. PITA because I don't always remember the latest password update. But, with a cell phone data breach, how would two-factor authentication work, given how many of them involve entering a code sent via SMS text?
Really not worth a response, but you have it wrong. Data in iCloud _is_ encrypted. The scanning process starts with the phone analyzing a "hash" of the photo for a match. It's encrypted on the phone during the process. When a match is made, then the photo is sent with a separate "wrapper" encryption that the iCloud servers are permitted to unwrap when they have acquired enough "vouchers". This threshold must be reached or the decryption process does not work. Apple explains all of this in their technical explanation.
Yes, challenge Apple all you want, but make sure you are challenging based on truth and fact, not assumption.
tl;dr If it's stored in iCloud it's encrypted. Apple holds the encryption keys so the data can be shared. In 2020 Apple honored ~90% of US Government requests for user data.