Skip to content

T-Mobile paid a $200,000 ransom to hackers; still, the data was leaked

  • by
  • 3 min read

Following its massive data breach, which included databases containing over 30 million customers’ data, a third-party hired by T-Mobile offered the hackers around $200,000 to make them stop selling customer data. However, the attackers seem to be selling the stolen customer data regardless.

In August last year, T-Mobile confirmed the data breach after hackers were selling the stolen database for six bitcoin. The stolen database contained birth dates, driver’s license numbers and social security numbers for around 30 million users.

The news comes following the release of an indictment against Diogo Santos Coelho, the administrator of RaidForums, a popular hacking website that was taken down by law enforcement on Tuesday. The unsealed document states that the company (referred to as Company 3 in the document) hired a third party to get exclusive access to the stolen data from an individual using the moniker Sub Virt.

In the News: NSO spyware reportedly used to target European officials

T-Mobile’s costly slip up

While the unsealed indictment, reviewed by Motherboard, doesn’t mention T-Mobile by name, it does add that the post selling the data confirmed that it belonged to a major telecommunicatins company and wireless network operator providing services in the United States.

The details mentioned about the database also coincide with the data leaked from T-Mobile, including the cost of the total database which was being sold for six Bitcoin.

The document goes on to state that that Coelho, using moniker ‘Omnipotent’ used his middleman service in aiding and abetting ‘Sub Vert’ in selling the sample of the hacked data to a third party operating on behalf of company 3 for a Bitcoin value of about $50,000 on or about August 17.

On August 22, the same third party bought the rest of the database for $150,000 on the condition that ‘Sub Virt’, the individual selling the data on RaidForums, would delete their copy of the data. The purpose of the deletion being that the undercover customer will have exclusive rights to the database greatly limiting T-Mobile’s exposure.

However, the document goes on to add that the co-conspirators continued to attempt to sell the databases even after the third party’s purchase. While the documents don’t name the third party hired for this purchase, cybersecurity firm Mandiant has been working with T-Mobile since the beginning of this data breach and could potentially be the company referred to as the third party in the documents. 

In the News: Qbot botnet changes tactics to infect Windows users

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: