T-Mobile Data Breach

T-Mobile suffered a data breach involving the personal details of more than 100 million customers. In an announcement published Monday, T-Mobile confirmed that hackers gained access to the telecom giant’s systems.

“We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved,” T-Mobile wrote in its announcement.

T-Mobile says their investigation will take some time and confirms they are working with the highest degree of urgency.

“Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others,” T-Mobile said.

A threat actor was selling the alleged personal data of 100 million T-Mobile customers after breaching database servers operated by the mobile network.

T-Mobile mentions that it is investigating a forum post claiming to be selling a mountain of personal data. The seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.

The data allegedly stolen during the attack covers around 100 million T-Mobile customers and includes IMSI numbers, IMEI numbers, phone numbers, customer names, security PINs, social security numbers, driver's license numbers, and dates of birth.

On the underground forum, the seller is asking for 6 bitcoin, around $270,000, for a subset of the data containing 30 million social security numbers and driver's licenses. The seller said they are privately selling the rest of the data at the moment.

T-Mobile has confirmed that some of its servers were hacked in the reported attack and is continuing to investigate whether customer data was accessed.

The stolen databases and the servers accessed by the attackers indicate that the threat actors downloaded customer data during the cyberattack. Screenshots shared with BleepingComputer show the threat actors connecting to an Oracle database server over SSH on the company’s internal data center network.

Screenshot Connecting To An Oracle Database Server

With this data, the attackers can transfer a customer's phone number to their own devices to receive password reset and multi-factor authentication requests, which could let them breach other accounts belonging to that customer.

The company noted that it’s “confident that the entry point used to gain access has been closed” and that a review is ongoing.

All T-Mobile customers should therefore be wary of suspicious emails or SMS texts pretending to be from T-Mobile. Customers are advised not to click on any links embedded in the messages as threat actors.
