T-Mobile Data Breach: 100 Million Customer Records Leaked, Including Social Security Numbers, Driver's License Numbers, and Unique Device Numbers
T-Mobile, the second-largest mobile provider in the United States as of Q2 2021, appears to have experienced a catastrophic data breach, with an estimated 100 million records offered for sale on a dark web forum.
The customer data is as private as it gets: according to Vice’s Motherboard, a sample of it included correct Social Security numbers and driver’s license numbers, among other personal details.
The entire extent of the T-Mobile data breach is still being examined, and the business has yet to confirm it.
T-Mobile is currently investigating the data breach and has yet to confirm the full amount of personal information exposed, but independent reports suggest that consumers should prepare for the worst and take precautions now. With an estimated 104 million users as of Q2 2021, it seems that this data leak impacts almost everyone who uses the company’s service.
On the morning of August 18, T-Mobile released an update indicating that at least 47 million of its customers, including previous users, were affected. At this point the business has only released a “preliminary investigation,” but it has verified that the data breach may have exposed sensitive personal information such as Social Security and driver’s license numbers for at least 7.8 million current postpaid T-Mobile users. According to the report, 40 million more customers’ records were exposed, although that consumer data did not include much personal information. It also verified that, in addition to their names and phone numbers, at least 850,000 current T-Mobile users had their account PINs exposed.
The firm said that it was reviewing “new information” and that “more repercussions” might be expected.
T-Mobile users should reasonably anticipate the following attacks, according to Jack Chapman, VP of Threat Intelligence at Egress:
“It’s been stated that the data stolen in this breach is already in the hands of hackers, who may use it to create sophisticated phishing attacks aimed at the victims. As a result, any consumers who have been impacted by this incident should be cautious about any unusual contacts they may now receive, whether through email, text messages, or phone calls. Follow-up attacks may exploit the information obtained as a result of this data breach to persuade individuals to provide additional personal information that could be used for identity and financial fraud.”
T-Mobile may (or should) take the following steps, according to Trevor Morgan, product manager at Comforte AG:
“For T-Mobile, the scenario raises privacy concerns and raises questions about their degree of due diligence in preventing hackers and data breaches—the result, depending on the facts, may include penalties, legal action, and, of course, reputational harm… Ordinary businesses, on the other hand, may benefit from this. T-Mobile is a global business with many tools at its disposal to avoid situations like these, but the reality is that even the most well-protected company can have hacks and breaches. Defensive measures such as securing data perimeters aren’t foolproof, and a determined threat actor can always find a way to get past data protection. It’s better to look at data-centric security, which protects the data rather than the boundaries that surround it. Tokenization, for example, replaces sensitive data components with representational tokens, making stolen information meaningless. Learning from the T-Mobile issue and deciding how data-centric security may help you strengthen your security posture is a wise decision.”
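The tokenization Morgan describes, sketched as an added example that is not part of the original article and does not represent any T-Mobile or Comforte system: a vault swaps identifiers for random tokens before records reach ordinary storage, so a copied backup holds only tokens. The `TokenVault` class, the field names and the sample records are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SENSITIVE_FIELDS = ("ssn", "drivers_license")  # assumed field names

class TokenVault:
    """Vault-based tokenization: tokens are random, so they reveal nothing
    about the value; the token-to-value map exists only inside the vault."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)
        self._token_by_index = {}   # HMAC(value) -> token, keeps tokens stable
        self._value_by_token = {}   # token -> value (encrypt at rest in practice)

    def tokenize(self, value):
        index = hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()
        if index not in self._token_by_index:
            token = "tok_" + secrets.token_hex(12)
            self._token_by_index[index] = token
            self._value_by_token[token] = value
        return self._token_by_index[index]

    def detokenize(self, token, authorized=False):
        # Stand-in for a real access-control decision made by the vault service.
        if not authorized:
            raise PermissionError("caller may not detokenize")
        return self._value_by_token[token]

def tokenize_record(vault, record):
    """Return a copy of record that is safe to store outside the vault."""
    return {k: vault.tokenize(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}

# Constructed sample records (SSNs with a 000 area number are never issued).
CUSTOMERS = [
    {"name": "Alex Example", "phone": "555-0100",
     "ssn": "000-12-3456", "drivers_license": "X0000001"},
    {"name": "Sam Sample", "phone": "555-0101",
     "ssn": "000-65-4321", "drivers_license": "X0000002"},
]

if __name__ == "__main__":
    vault = TokenVault()
    backup = [tokenize_record(vault, c) for c in CUSTOMERS]
    for row in backup:
        print(row)  # what a copied backup would contain: tokens, not identifiers
    print(vault.detokenize(backup[0]["ssn"], authorized=True))
```

The protection holds only while the vault is isolated from the systems that store the tokenized records; a backup that includes the vault's own mapping gives the identifiers back.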
A data breach has resulted in a catastrophic loss of consumer information.
On Sunday, Motherboard broke the news of the data breach when a reporter came across a dark web forum post offering a huge trove of T-Mobile user data for sale. Motherboard confirmed that a sample made accessible in the initial post had correct information on known T-Mobile customers, including Social Security numbers, phone numbers, complete names, physical addresses, unique device IMEI numbers, and driver’s license numbers.
The vendor was originally asking for 6 bitcoin (about $270,000) for the accounts holding all of this information, presumably the 7.8 million minimum number confirmed by T-Mobile. The vendor said that the remaining data would be made accessible at a later date.
While the source of the breach is unknown, conversations with the vendor suggest they had access to a backdoor into T-Mobile’s systems. The backdoor was blocked after the listing was created, but the seller claimed that they had exfiltrated all of the data and made several backups. T-Mobile has simply said that the security vulnerability that allowed the data to be accessed has been fixed.
The hacker or a representative went to Twitter to drum up business, saying that all of the client information was discovered in plaintext on an “insecure” backup server that was easy to access. The hacker has also been in touch with Information Security Media Group, which says that the exploited vulnerability was caused by a misconfigured Gateway GPRS Support Node, which is used to link mobile devices to the internet.
The hacker claims to have gained access to 100 databases used to hold user information from two separate T-Mobile data centers for two or three weeks.
According to a follow-up investigation by KrebsOnSecurity, the hackers acquired genuine IMSI and IMEI data for 36 million consumers, information that can be used to carry out SIM swap attacks, which let an attacker take control of a phone number without having physical access to the phone. The hackers also claimed that they could see credit card details in the client data, but that only the first six digits were visible. Further investigation by Krebs into the culprits has shown that they may be linked to the Satori botnet, a derivative of the notorious Mirai botnet that was offered for rent to cybercriminals.
T-Mobile’s security track record has been concerning in recent years; this is the sixth data breach and/or loss of user data the company has suffered since 2018. In 2020, there were two attacks, both of which were minor in comparison to the present event. An email provider was hacked in March, exposing basic account and contact information for a handful of workers and customers, but the data breach also contained certain Social Security numbers and payment information. Another breach of account information for approximately 200,000 users occurred in December, although this time without any financial or sensitive personal data. The 2019 hack affected over a million of its prepaid clients and was restricted to similar basic account information. A data breach in 2018 exposed comparable basic user information, but only for approximately two million of the company’s customers.