A threat actor has claimed to have accessed T-Mobile’s and stolen databases containing over 100 million customer’s data. T-Mobile is actively investigating the breach.
The breach appeared on a hacking forum on Sunday where the threat actor was selling the entire database for 6 Bitcoin. The post selling the database including a few samples. The database for sale contains birth dates, driver’s license numbers, social security numbers for over 30 million people.
The post doesn’t explicitly state the origins of the data. However, BleepingComputer reported that the attacker claims to have accessed the data in a massive T-Mobile server breach.
A data leak driven by revenge
The threat actor also claims to have hacked into T-Mobile’s production, staging and development servers two weeks ago. This also includes an Oracle database server which has stores customer data.
Not only this, the entire IMEI history database going as far back as 2004 has been stolen. The threat actor even shared a screenshot of an SSH connection to an Oracle server with the BleepingComputer as proof of access.
The Motherboard, in their report on the incident, also confirmed that they could verify the data samples provided by the hacker do belong to T-Mobile customers. A cybersecurity intelligence firm, Cyble, also reported that the multiple databases stolen in the attack contain approximately 106GB of data, including T-Mobile’s CRM (Customer Relationship Management) database.
In a conversation with Alon Gal, co-founder and CTO at cyber intelligence firm Hudson Rock, the threat actors claimed that they hacked T-Mobile to damage US infrastructure in an attempt to retaliate against the abduction and torture of John Erin Binns in Germany by the CIA and Turkish intelligence agencies back in 2019.
Binns is a Turkish resident who sued the CIA, FBI and Department of Justice in 2020, alleging that he was tortured and harassed by the US and Turkish governments and wants the USA to release documents regarding these activities under the Freedom of Information act.
In the News: Samsung Galaxy Z Fold 3 vs Galaxy Z Flip 3