100M people in danger due to a possible T-Mobile customer data breach

A hacker claims to have breached the data of T-Mobile clients: database for sale

T-Mobile investigates alleged data breach. A hacker is selling data online, claiming that all the sensitive details come from a T-Mobile server.

On Sunday, Motherboard reported that T-Mobile customer data had been spotted on an online forum. According to the report, the seller of the sensitive information said that the data had been taken from T-Mobile's servers and included personal information such as Social Security numbers, names, driver's license information, and even addresses. The stolen data could put as many as 100 million people in danger.[1]

T-Mobile addressed the most recent security breach and confirmed that it is investigating an online forum post about the stolen data claims. While further investigation is underway, it is still unclear exactly when the breach happened and what the real motive is. However, this is not the first time T-Mobile has become the target of such attacks. The most recent attack on the company happened back in December 2020.[2]

Back then, call-related information and personal phone numbers were exposed, but the company was quick to announce that high-risk data like names or Social Security numbers were safe. However, in 2018 hackers accessed personal data like names and addresses, and a similar attack happened in 2019 too. It seems that the company has become a favored target for threat actor groups.

Data allegedly taken in a massive server breach contains sensitive info

Information allegedly belonging to T-Mobile's customers surfaced on a hacking forum, where attackers were selling it for six bitcoin (~$280K). While in contact with the hacker, BleepingComputer learned that the stolen information was obtained in a massive server breach. The threat actor states that the hack into T-Mobile's production, staging, and development servers happened two weeks ago. An Oracle database containing customer data was hit too.

Apparently, the situation could be even more threatening. The hacker says that security PINs were also gathered and that, basically, customers' entire IMEI history going back to 2004 was stolen. Making the situation even more serious, cybersecurity intelligence firm Cyble says that the threat actors have stolen multiple databases totaling approximately 106GB of data, including T-Mobile's customer relationship management (CRM) database.[3]

No direct ransom demands so far

As of right now, the threat actors say that they never contacted the company and simply decided to sell the data on forums where they already have interested buyers. It is unclear whether ransom attempts will be made against individual customers. What is clear is that the stolen data is verified and really does belong to T-Mobile customers. This situation shows how threatening a security breach can be.

A security breach is any incident that results in unauthorized access to computer data, applications, networks, or devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms. Confidential information often ends up on the dark web, and sometimes hackers ask for ransom. In all cases, such attacks cause millions in damage to companies.[4]

Security experts agree that data breaches are not completely preventable, but some practices can help detect them and control the level of damage. Therefore, sound practices must be in place to detect, contain, and remediate problems.[5] Vulnerability assessments and penetration testing are recommended as much as training and overall awareness of how to stay safe in cyberspace.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
