latest news
T-Mobile has confirmed a data breach occurred. But at the same time, T-Mobile added that it was not yet able to determine the exact number of affected customers. The company said it has begun an in-depth technical review of the entire system to determine the nature of any data that was unlawfully accessed.
However, T-Mobile has identified how attackers stole its customers' data and has taken steps to protect its systems. And T-Mobile has notified law enforcement and is investigating the data breach with the help of digital forensics experts.
Event review
An attacker claims to have hacked into T-Mobile's servers and stolen a database containing the personal data of about 100 million users, saying it was all an attempt to retaliate against the United States and attack American infrastructure.
T-mobile database stolen, 100 million users affected
On August 14, an attackerhackerThe forum claimed to be selling a database containing the birth dates, driver's license numbers and Social Security numbers of 30 million people for 6 bitcoins (about $280,000).
Screenshots of posts in the forum
Although the source of the data was not specified in the forum post, the attackers revealed to the media that this was data they obtained from T-Mobile during a large-scale server compromise two weeks ago. The stolen data totaled 106GB, which included T-Mobile's customer relationship management (CRM) database.
The attackers said they compromised T-Mobile's production, deployment and development servers, including an Oracle database server that contained user data. It also stated that all IMEI historical databases from 2004 to the present were stolen. To prove their breach was genuine, the attackers also shared a screenshot of an SSH connection to a production server running Oracle.
In addition, Motherboard, which first reported the incident, stated that they can also confirm that the data samples provided by the attackers indeed belong to T-Mobile users.
The stolen data is said to contain the data of approximately 100 million T-Mobile users:
IMSI (International Mobile Subscriber Identity)
IMEI (International Mobile Equipment Identity)
telephone number
username
Security Code
social security number
driver's license number
date of birth
IMEI (International Mobile Equipment Identity) is an "electronic serial number" composed of 15 digits, which corresponds to each mobile phone one-to-one, and this code is unique in the world. Each mobile phone will be assigned a globally unique set of numbers after assembly. This number will be recorded by the manufacturer from production to delivery.
The IMSI (International Mobile Subscriber Identity) is an identification code that is used to distinguish different users in a cellular network and is not repeated in all cellular networks.
As for what to do with the data, the attackers said they did not contact T-Mobile to ask the company to redeem the data, but instead decided to sell it directly to interested buyers on forums.
In response to this data leakage, T-mobile said that they are investigating and there is no other news to be announced yet.
Hackers become "Avengers"
The attackers said they carried out the attack in retaliation for the 2019 kidnapping and torture of John Erin Binns (CIA Raven-1) by CIA and Turkish intelligence agents in Germany, thereby damaging U.S. infrastructure.
Binns is a Turkish resident who sued the FBI, CIA and Justice Department in 2020. The complaint alleges that he was tortured and harassed by the U.S. and Turkish governments and wants the U.S. to release documents related to these activities.
Original article, author: Chief Security Officer, if reprinted, please indicate the source: https://cncso.com/en/hackers-steal-data-of-100-million.html
