More than 50 million T-Mobile customers were affected by the hack and about 48 million social security number were accessed.
T-Mobile, one of the biggest telecommunications companies in the US, was hacked nearly two weeks ago, exposing the sensitive information of more than 50 million current, former and prospective customers. Names, addresses, social security numbers, driver’s licenses and ID information for about 48 million people were accessed in the hack, which initially came to light on August 16. Here’s everything we know so far. T-Mobile is a subsidiary of German telecommunications company Deutsche Telekom AG providing wireless voice, messaging and data services to customers in dozens of countries. In the US, the company has more than 104 million customers and became the second largest telecommunications company behind Verizon after its $26 billion merger with Sprint in 2018. T-Mobile released a statement last week confirming that the names, dates of birth, social security numbers, driver’s licenses, phone numbers, as well as IMEI and IMSI information for about 7.8 million customers had been stolen in the breach. Another 40 million former or prospective customers had their names, dates of birth, social security numbers and driver’s licenses leaked. More than 5 million « current postpaid customer accounts » also had information like names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed. T-Mobile said another 667,000 accounts of former T- Mobile customers had their information stolen alongside a group of 850,000 active T-Mobile prepaid customers, whose names, phone numbers and account PINs were exposed. The names of 52,000 people with Metro by T-Mobile accounts may also have been accessed, according to T-Mobile. A 21-year-old US citizen by the name of John Binns told The Wall Street Journal and Alon Gal, co-founder of cybercrime intelligence firm Hudson Rock, that he is the main culprit behind the attack. His father, who died when he was two, was American and his mother is Turkish. He and his mother moved back to Turkey when Binns was 18. Binns, who was born in the US but now lives in Izmir, Turkey, said he conducted the attack from his home. Through Telegram, Binns provided evidence to the Wall Street Journal proving he was behind the T-Mobile attack and told reporters that he originally gained access to T-Mobile’s network through an unprotected router in July. According to the Wall Street Journal, he had been searching for gaps in T-Mobile’s defenses through its internet addresses and gained access to a data center near East Wenatchee, Washington where he could explore more than 100 of the company’s servers. From there, it took about one week to gain access to the servers that contained the personal data of millions. By August 4 he had stolen millions of files. « I was panicking because I had access to something big. Their security is awful, » Binns told the Wall Street Journal. « Generating noise was one goal. » Binns also spoke with Motherboard and Bleeping Computer to explain some dynamics of the attack. He told Bleeping Computer that he gained access to T-Mobile’s systems through « production, staging, and development servers two weeks ago. » He hacked into an Oracle database server that had customer data inside. To prove it was real, Binns shared a screenshot of his SSH connection to a production server running Oracle with reporters from Bleeping Computer. They did not try to ransom T-Mobile because they already had buyers online, according to their interview with the news outlet.
