Following its massive data breach, which included databases containing over 30 million customers’ data, a third-party hired by T-Mobile offered the hackers around $200,000 to make them stop selling customer data. However, the attackers seem to be selling the stolen customer data regardless.
In August last year, T-Mobile confirmed the data breach after hackers were selling the stolen database for six bitcoin. The stolen database contained birth dates, driver’s license numbers and social security numbers for around 30 million users.
The news comes following the release of an indictment against Diogo Santos Coelho, the administrator of RaidForums, a popular hacking website that was taken down by law enforcement on Tuesday. The unsealed document states that the company (referred to as Company 3 in the document) hired a third party to get exclusive access to the stolen data from an individual using the moniker Sub Virt.
T-Mobile’s costly slip up
While the unsealed indictment, reviewed by Motherboard, doesn’t mention T-Mobile by name, it does add that the post selling the data confirmed that it belonged to a major telecommunicatins company and wireless network operator providing services in the United States.
The details mentioned about the database also coincide with the data leaked from T-Mobile, including the cost of the total database which was being sold for six Bitcoin.
The document goes on to state that that Coelho, using moniker ‘Omnipotent’ used his middleman service in aiding and abetting ‘Sub Vert’ in selling the sample of the hacked data to a third party operating on behalf of company 3 for a Bitcoin value of about $50,000 on or about August 17.
On August 22, the same third party bought the rest of the database for $150,000 on the condition that ‘Sub Virt’, the individual selling the data on RaidForums, would delete their copy of the data. The purpose of the deletion being that the undercover customer will have exclusive rights to the database greatly limiting T-Mobile’s exposure.
However, the document goes on to add that the co-conspirators continued to attempt to sell the databases even after the third party’s purchase. While the documents don’t name the third party hired for this purchase, cybersecurity firm Mandiant has been working with T-Mobile since the beginning of this data breach and could potentially be the company referred to as the third party in the documents.
In the News: Qbot botnet changes tactics to infect Windows users
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.