Heimdal

A T-Mobile data breach has come to public attention after being announced by a cybercriminal. The hacker claimed that the breach affects 100 million T-Mobile customers and that the attack resulted in the theft of databases storing private customer information.

T-Mobile Data Breach: What Information Has Been Stolen?

According to BleepingComputer, the hackers claimed that the stolen data includes:

  • IMSI and IMEI of the customers (International Mobile Subscriber Identity and International Mobile Equipment Identity, respectively); the IMEI history dating back to 2004 was accessed;
  • Names and phone numbers of the clients;
  • Social Security numbers;
  • Birth data;
  • Driver’s license numbers;
  • Security PINs.

When the News of the T-Mobile Data Breach Became Known

On the 14th of August, a database containing the data of 30 million customers was circulating on a hacking forum, offered for sale for six bitcoin (~$280K). The threat actors had targeted T-Mobile servers used for development, staging, and production. The hackers carried out the breach two weeks ago, and it also included an Oracle database. As proof of the T-Mobile data breach, the threat actors shared with BleepingComputer a screenshot showing an SSH connection to an Oracle production server.

The T-Mobile data breach was initially reported by Vice’s Motherboard, which checked the data samples the threat actors provided and concluded that the data breach is certainly linked to T-Mobile.

What T-Mobile Says About This Data Breach

After learning of the security breach, T-Mobile declared that it was aware of the recent claims and had started an investigation, but had no further details to add.

Later, on the 16th of August, in a statement published on the company’s website, T-Mobile confirmed that its servers had suffered a security breach. The company is still investigating whether customer data was actually accessed, as it has not yet officially confirmed this.

We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

The Reason Behind the Breach

Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who held some conversations with the threat actors, said the hackers asserted that the reason behind the T-Mobile data breach is their intention to damage US infrastructure. They also told Alon Gal that they wanted to take revenge for John Erin Binns, the Turkish resident who sued the FBI, CIA, and the Department of Justice in 2020. The threat actors declared that:

This breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019.


Recommended Measures to be Implemented

Until the company confirms which data was accessed and releases a statement on mitigation measures, users should stay vigilant and avoid clicking suspicious links embedded in fake T-Mobile e-mails that might circulate.

Not the First Data Breach

It’s not the first time T-Mobile has been affected by data breaches. Following those in 2018, in which hackers obtained private customer data, and the one in 2019, in which prepaid customers had their information exposed, T-Mobile confirmed another data breach and SIM swapping attacks in March 2021, informing customers in a security notice about account information exposure.

Author Profile

Andra Andrioaie

Security Enthusiast


Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!
