The hacker claims to have hacked T-Mobile’s production, development, and staging servers around two weeks back, including its Oracle database server.
T-Mobile is currently investigating claims by unidentified hackers that they have stolen the personal data of 100 million of its customers. Some of the data is up for sale on a widely used hacker forum.
The seller informed Motherboard, which first reported the data breach, that they hacked into T-Mobile’s servers and stole databases containing the sensitive information of millions of its customers.
T-Mobile, for its part, said in a statement:
“We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”
Threat actors claim to possess full customer info
Over the weekend, a post on the hacking forum became the talk of the town after a threat actor claimed to be selling databases containing full customer info such as:
- Full names
- Birth dates
- Phone numbers
- Physical addresses
- Social security numbers
- Driver’s license numbers
- Security PINs
- Unique IMSI, IMEI numbers of 30 million customers.
As of August 15th, the hacker was offering the data for a whopping 6 Bitcoin (approx. $270 to $280k). However, at the time of publishing this article, Hackread.com can confirm that the entire data set was being sold for just $200.
A Massive Data Breach!
The hacker claims to have hacked T-Mobile’s production, development, and staging servers around two weeks back, including its Oracle database server, which contained vast reserves of customer data, including the entire IMEI history dating back to 2004. The hacker shared a screenshot of an SSH connection to an Oracle-based production server to prove their claims.
Multiple T-Mobile Servers Allegedly Hacked
The data’s origins weren’t revealed in that post, but the seller told several tech platforms that it belongs to T-Mobile and that they obtained it after breaking into multiple T-Mobile servers. Currently, they are selling 30 million records and intend to sell the rest of the data privately.
After learning about T-Mobile’s response, the seller stated: “I think they already found out because we lost access to the backdoored servers.” However, before getting kicked out of T-Mobile’s servers, the hackers had already downloaded the data and backed it up in “multiple places,” they revealed.
No Ransom Demand Made So Far
According to Hudson Rock’s CTO, Alon Gal, the threat actors told him they had hacked T-Mobile to damage US infrastructure. According to cybersecurity intelligence firm Cyble, the hacker(s) claim to have stolen around 106 GB of data, including T-Mobile’s CRM (customer relationship management) database.
“This breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019. We did it to harm US infrastructure,” Gal was told by threat actors.
Motherboard reported that it had verified the data samples shared by the hacker and that they did belong to T-Mobile customers. It also mentioned that the threat actors hadn’t contacted T-Mobile to make a ransom demand and were instead selling the data on hacker forums.
T-Mobile and data breaches
If you are a T-Mobile customer, you must be aware that the telecom giant has a history of data breaches. In fact, from 2015 to 2021, T-Mobile has been involved in at least five reported data breaches.