T-Mobile is looking into a breach of its servers that has apparently resulted in harvested data on over 100 million customers being sold on a hacker forum.
On Sunday, T-Mobile confirmed it was investigating a post on a hacker forum claiming to sell a cache of data relating to its customers. The poster claims to have acquired data on over 100 million people, taken from servers operated by the carrier.
The data stems from "T-Mobile USA. Full customer info," the forum poster told Motherboard, adding that multiple servers were compromised to get it.
The trove of data appears to consist of names, phone numbers, physical addresses, IMEI numbers, driver license information, and social security numbers. Samples obtained in reports appear to be genuine.
According to cybersecurity firm Cyble speaking to BleepingComputer, the attacker claims to have stolen multiple databases, acquiring some 106GB of data in the process.
The seller was openly offering data on 30 million social security numbers and driver licenses via the forum, requesting 6 bitcoin ($283,000) for the trove. They said the rest of the data is being sold privately through other deals.
It is believed that T-Mobile knows about the intrusion, as the seller said, "I think they already found out because we lost access to the backdoored servers."
In its statement, T-Mobile says it is "aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time."
With some 104.8 million subscribers as of Q2 2021, the latest breach may have theoretically affected almost all of T-Mobile's customers.