T-Mobile is investigating a massive data breach after a hacker reportedly accessed the company’s servers and stole the personal data of more than 100 million customers.
The data breach was first spotted when a threat actor posted on a forum claiming to be selling a database containing the details of 30 million people. The price for the database was 6 bitcoin (approx. $280K)
According to the threat actor, they stole the data from T-Mobile in an alleged server breach. The attacker claims to have gained access to T-Mobile’s production, development, and staging servers, and an Oracle database which contained sensitive information.
This data breach reportedly contains the details of up to 100 million T-Mobile customers. It includes IMSI, IMEI, phone numbers, customer names, security PINs, Social Security numbers, driver’s license numbers, and date of birth.
“Their entire IMEI history database going back to 2004 was stolen,” the hacker told BleepingComputer.
An IMEI is a unique number that is used to identify a mobile phone, while an IMSI is a unique number that is associated with a cellular network’s user.
The threat actor exploited T-Mobile’s servers by accessing a vulnerable Oracle server using an SSH connection. The hacker then shared a screenshot of an open connection to prove they are telling the truth.
According to cyber security firm Cyble, in another instance, the threat actor claimed to have stolen over 106GB of data from various databases, which included T-Mobile’s CRM database. According to Motherboard, they could verify that the data samples provided by the attacker belonged to T-Mobile customers.
According to the threat actor, they did not attempt to ransom the data and decided to sell it on forums instead.
The threat actors behind the attack told Alon Gal, the chief technology officer at cybercrime intelligence company Hudson Rock, that it was a retaliation act carried out the operation to damage US infrastructure.
“This breach was done to retaliate against the US for the kidnapping and torture of John Erin Binns (CIA Raven-1) in Germany by CIA and Turkish intelligence agents in 2019,” the threat actors told Gal. “We did it to harm US infrastructure.”
Binn was reportedly tortured and harassed by Turkish and US officials. He is seeking to compel the release of documents regarding these allegations under the Freedom of Information Act.
