A hacker is offering for sale what they claim to be the personal data of over 100 million people, stolen from the servers of T-Mobile USA.
As first reported by Joseph Cox of Vice, information including the names, phone numbers, physical addresses, IMEI device numbers, driving license information, and social security numbers of T-Mobile customers is being offered for sale after an alleged breach of multiple servers at T-Mobile USA.
The person claiming to have hacked T-Mobile says that they are part of a gang that had access to the telecom operator’s systems for 2-3 weeks until this weekend.
In an attempt to prove the claim, a screenshot of what appeared to show unauthorised access to T-Mobile’s servers by hackers.
Vice says that it managed to confirm with T-Mobile customers that their details were included in a sample of data shared by the hacker.
The hacker, meanwhile, is advertising 30 million unique social security numbers and driving license details for 6 Bitcoin (currently valued at approximately US $285,000.)
30M unique SSNS with SS
Price 6 Bitcoin
Freshly dumped and NEVER sold before!
SERIOUS BUYERS ONLY!
T-Mobile is no stranger to data breaches.
For instance, in 2018 it warned that as many as 2.3 million accounts had their details accessed through an unsecure API.
Then, in 2019, over one million accounts were exposed following a breach.
In March 2020, meanwhile, hackers gained access to T-Mobile employees’ email accounts and stole customer account information.
Most recently, in December last year, 200,000 customers were notified that customer proprietary network information (CPNI), which “may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service” had been accessed by an unauthorised party.
T-Mobile has not currently confirmed that the latest reported data breach has occurred, but has said that it is investigating:
“We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”
In the past T-Mobile has said that it takes the security of customers’ information “very seriously”…
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.