
Over 40 Million T-Mobile Customers’ Data Stolen

09/15/21

Over a weekend in mid-August, a supposed hacker bragged in online forums about having successfully carried out a data breach involving tens of millions of current, prospective, and previous T-Mobile customers. The hack involved 106GB of data, including T-Mobile’s Oracle customer relationship management (CRM) database.

T-Mobile acknowledged the attack on 16 August and released further details in a statement on 17 August. T-Mobile further informed the public that the leak involved 7.8 million postpaid subscribers, 850,000 prepaid customers and “just over” 40 million past or prospective customers who’ve applied for credit with T-Mobile.

 


After initial investigations, it was reported that no phone numbers, account numbers, PINs, passwords, or financial information were among the compromised information. This initially put T-Mobile’s account at odds with that of the attacker, who claims that phone numbers, account numbers, security PINs, and passwords were indeed among the stolen data.

However, it has now come to light that the customer names, addresses, dates of birth, phone numbers, and IMEI and IMSI information of a further 5.3 million current postpaid customer accounts were also accessed.

Another 667,000 accounts of former T-Mobile customers were also accessed, along with customer names, phone numbers, addresses, and dates of birth. To top it off, 850,000 active T-Mobile prepaid customer names, phone numbers, and account PINs were exposed. In response, T-Mobile has reset the PINs on all of the affected accounts.

However, T-Mobile still maintains that no SSNs, driver’s license/ID information, financial information, credit or debit card information, or other payment information was compromised.

T-Mobile also claims that it immediately identified and sealed off the access points used by the attacker after becoming aware of the incident.

According to the threat actor themselves, infiltrating T-Mobile’s servers was shockingly easy. If they are to be believed, a configuration error on an access point left it wide open for anyone who knows where to look.

The T-Mobile leak is supposedly part of a larger attack on US infrastructure, purportedly involving as many as 100 million accounts contained in various stolen databases. According to the attacker(s), this latest data theft spree is in retaliation for the detention and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019.

Binns, a US citizen residing in Turkey, has subsequently filed a lawsuit against the FBI, CIA, and DoJ for his alleged detention and torture as well as to release information pertaining to this investigation under the Freedom of Information Act.

The actor is publicly offering roughly 30 million records at 1 cent per record, or roughly 6 bitcoin (~$270,000) for the entire set. The rest of the supposedly 100+ million records are being sold off privately.

The relative ease with which the latest heist was pulled off has raised concerns about how seriously T-Mobile takes data security. The third-largest carrier in the US has fallen victim to a number of data breaches over the last few years.

 

 

Sources:

T Mobile Shares Updated Information Regarding Ongoing Investigation into Cyberattack
