Ride the Lightning

T-Mobile Suffers Massive Data Breach

August 18, 2021

Krebs on Security reported on August 16 that T-Mobile said it is investigating a breach that hackers claim has exposed the personal data of 100 million T-Mobile USA customers, often including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer’s mobile device.

In an August 16 statement published on its website, T-Mobile confirmed the breach involving “some T-Mobile data,” but said it was too soon to know what was stolen and how many customers might be affected.

“We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved,” T-Mobile wrote.

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the statement continued. “This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.”

The breach was revealed on Twitter when the account @und0xxed tweeted the details. Und0xxed said they were not involved in stealing the databases but were instead in charge of finding buyers for the stolen T-Mobile customer data.

Well, I guess they would know something about the incident.

Und0xxed said the hackers found an opening in T-Mobile’s wireless data network that allowed access to two of T-Mobile’s customer data centers. He said the intruders dumped customer databases totaling more than 100 gigabytes.

One of those databases holds the name, date of birth, SSN, drivers license information, plaintext security PIN, address and phone number of 36 million T-Mobile customers in the United States going back to the mid-1990s.

The hacker(s) claim the stolen data also includes IMSI and IMEI data for 36 million customers. These are unique numbers embedded in customer mobile devices that identify the device and the SIM card that ties that customer’s device to a telephone number.

“If you want to verify that I have access to the data/the data is real, just give me a T-Mobile number and I’ll run a lookup for you and return the IMEI and IMSI of the phone currently attached to the number and any other details,” @und0xxed said. “All T-Mobile USA prepaid and postpaid customers are affected; Sprint and the other telecoms that T-Mobile owns are unaffected.”

More details will no doubt follow. A black day for T-Mobile.

Notice: The new RSS feed for Ride the Lightning is https://senseient.com/feed/?post_type=ride-the-lightning for those that wish to subscribe in a reader.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson