T-Mobile investigating alleged data hack affecting 100 million customers
American telecom operator T-Mobile has confirmed that it is investigating a data breach possibly involving around 100 million customers. A threat actor recently claimed to have stolen T-Mobile's database containing the birth dates, driver's license numbers, and Social Security numbers of customers. Unlike most hackers, the seller of this data has been happy to respond to media outlets when contacted. Here's what went down.
Hacked data includes Social Security numbers, names, addresses of people
The hacker first posted the T-Mobile customer data for sale on an underground hacking forum. Unlike previous T-Mobile hacks (yes, we will get to them), this time the data includes personally identifiable information such as Social Security numbers, names, and addresses of over 100 million people. Motherboard reportedly reviewed the samples of the data and, worryingly enough, they appeared to be authentic.
Hacker obtained data two weeks ago by infiltrating Oracle database
According to a screenshot of the hacker's post, 30 million records are available for sale. Engadget reported that the other 70 million records are being sold through private channels. Meanwhile, the hacker told BleepingComputer that the data was obtained two weeks ago by hacking into the telecom provider's production, staging, and development servers, including an Oracle database server containing customer data.
Hacker demanding six Bitcoin for part of the stolen data
The hacker reportedly shared a screenshot of an SSH connection to a production server running Oracle as proof of the breach. The hacker is demanding a price of six Bitcoin for selling 30 million records, roughly amounting to $285,000. The hacker claimed, "Their (T-Mobile's) entire IMEI history database going back to 2004 was stolen". IMEI numbers are used to uniquely identify mobile devices.
We did it to harm US infrastructure: Hacker
The threat actors told cybercrime intelligence firm Hudson Rock's chief technical officer Alon Gal, "This breach was done to retaliate against the US for the kidnapping and torture of John Eric Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019." Binns sued the FBI, CIA, and Department of Justice last year to compel the US to release documents regarding these activities.
T-Mobile says it is actively investigating the matter
As for T-Mobile, the company said, "We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time". Previously, the telecom company's data was breached in December 2020, March 2020, 2019, and 2018. However, none of those breaches was claimed to have leaked so much personal data.