A hacker who claimed responsibility for the recent intrusion of T-Mobile's servers called the company's security protocols "awful," saying he gained access to the records of tens of millions of people through a publicly exposed router.
Earlier in August, T-Mobile reported a breach it said impacted some 47.8 million customers, with that number ballooning to well over the 50 million mark last week. Separate troves contained the names, birth dates, social security numbers, driver's license and ID information, and IMEI and IMSI data of current, former and prospective customers.
T-Mobile's latest reports indicate data on more than 54 million customers was stolen.
On Thursday, 21-year-old John Binns, an American who now lives in Turkey, told The Wall Street Journal that he was behind the hack.
In an exchange on Telegram, Binns offered evidence of his involvement in the plot and explained a relatively straightforward process that involved probing T-Mobile's online infrastructure with publicly available tools. After discovering an unprotected router in July, the hacker used the entry point to penetrate a data center outside East Wenatchee, Wash., where stored credentials enabled access to more than 100 servers, the report said.
"I was panicking because I had access to something big," he said. "Their security is awful."
Binns spent about a week parsing the servers before downloading the data cache on Aug. 4. Some nine days later, security research firm Unit221B told T-Mobile that someone using the IRDev alias was attempting to sell its customer data to online criminals. Binns provided the WSJ with evidence that he could access accounts linked to IRDev.
The hacker said one goal of the intrusion was to "generate noise," saying he wanted to expose an alleged incident in which he was abducted and placed in a fake mental hospital in Germany. He made similar claims to a U.S. relative last year, but the allegations have not been substantiated.
Online profiles connected to Binns have been tied to other high-profile hacks, the report said.
T-Mobile in a statement said it was "confident" that it closed access to the weak points used in the attack. The company is offering two years of identity protection service to customers affected by the breach.
5 Comments
2 years free identity protection is not nearly enough to remedy the problem and make the affected customers whole again.
Not overlooking T-Mobile’s part in this but this guy is a real shit bag. Based on the reporting here sounds like he wants to come off like some damn hero. You and your ilk are criminals. Yeah and two years free identity protection doesn’t give you a pass, T-Mobile.
Keep stories like this in mind when hearing why Apple should allow developers/publishers/etc direct access to customer data.
Identity theft protection is more overstated marketing than actual security - most of the protections relate to credit fraud, for which you already have significant protections; additionally, at no cost whatsoever, you can request credit fraud alerts to be switched on at any time. The insurance component of identity theft protection is almost solely for the costs associated with restoring an identity after an incident of identity theft and *not* the actual loss itself. (So basically just covering the cost of some paperwork and not your actual losses.)
My T-Mobile account was exposed and I am using McAfee for free. And the dark web reporting is still showing exposed data as a result of the Adobe hack.
Wait…so all the 54 million user data is NOT going to be sold to nefarious parties? Stolen user identity will NOT be compromised? This guy is acting like a white hat hacker. I’m confused.