T-Mobile confirms it was hacked after customer data posted online

3 months ago 166

T-Mobile has confirmed “unauthorized access” to its systems, days aft a information of lawsuit information was listed for merchantability connected a known cybercriminal forum.

The U.S. compartment giant, which past twelvemonth completed a $26 cardinal merger with Sprint, confirmed an intrusion but that it has “not yet determined that determination is immoderate idiosyncratic lawsuit information involved.” The institution said that its probe volition “take immoderate time,” and nary timeline was given.

“We are assured that the introduction constituent utilized to summation entree has been closed, and we are continuing our heavy method reappraisal of the concern crossed our systems to place the quality of immoderate information that was illegally accessed,” the institution said.

Vice reported this weekend that T-Mobile was investigating a imaginable intrusion aft a seller was claiming to beryllium successful possession of millions of records. The seller told Vice that they had 100 cardinal records connected T-Mobile customers, which included customer relationship names, telephone numbers, the IMEI numbers of phones connected the account, and Social Security fig and driver’s licence accusation — details that the institution often collects to verify the identities of its customers.

Vice verified a illustration of the records from the seller, suggesting the information is successful astatine slightest partially valid.

The forum post, which TechCrunch has seen, asks for 6 bitcoin, oregon astir $275,000, for information connected a 30 cardinal subset of lawsuit data. The information was allegedly obtained from a T-Mobile-run database server that was connected to the internet, according to a screenshot posted by Bleeping Computer, which besides reported that the seller has the IMEI database “going backmost to 2004.” IMEI and ISMI numbers tin beryllium utilized to uniquely place and locate a cellphone user.

An earlier station seen by TechCrunch from the aforesaid seller and utilizing the aforesaid illustration of information claimed to person 124 cardinal records, but inactive did not sanction T-Mobile arsenic the root of the data. The station was deleted successful the past fewer days.

This is by our number the 5th clip that T-Mobile was hacked successful caller years.

In January, T-Mobile said it had a information breach that saw cybercriminals bargain astir 200,000 telephone records and different subscriber data. Last year, T-Mobile had 2 incidents — it admitted a breach connected its email systems that saw hackers entree immoderate T-Mobile worker email accounts and entree lawsuit data; and a breach of a cardinal prepaid customers’ idiosyncratic and billing accusation months later. In 2018, T-Mobile said as galore arsenic 2 cardinal customers whitethorn person had their idiosyncratic accusation scraped.

You tin nonstop tips securely implicit Signal and WhatsApp to +1 646-755-8849. You tin besides nonstop files oregon documents utilizing our SecureDrop.

Read Entire Article