Telecom giant T-Mobile confirms servers hacked – A review around the breach

It wasn’t long before another one bit the dust! US telecom giant T-Mobile’s servers have been breached. Investigations are ongoing to confirm whether customer data has been stolen. The news broke that a threat actor had allegedly put the data up for sale, with claims that some of it was already being sold. The allegation is that data on close to 100 million T-Mobile customers may have been stolen in the breach. The hacker told BleepingComputer that the databases stolen during the attack contain the data for approximately 100 million T-Mobile customers, including IMSI numbers, IMEI numbers, phone numbers, customer names, security PINs, Social Security numbers, driver’s license numbers, and dates of birth.

It’s one of the attacks in recent times that can’t be ignored. Not all data breaches have equal impact. None of them are acceptable, but they do come in varying degrees of severity. As first reported by Motherboard on Sunday, somebody on the dark web claims to have obtained the data of 100 million people from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes names, phone numbers, and physical addresses, but also more sensitive information like Social Security numbers, driver’s license data, and IMEI numbers, unique identifiers tied to every mobile device. Motherboard affirmed that examples of the information “contained exact data on T-Mobile clients.” [Wired]


T-Mobile has confirmed certain findings with respect to the data breach: “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the statement continued. “This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.” The data breach gained more traction with a tweet from the account @und0xxed. The tweet reads something like this below:

Und0xxed said the hackers found an opening in T-Mobile’s wireless data network that allowed access to two of T-Mobile’s customer data centers. From there, the intruders were able to dump a number of customer databases totaling more than 100 gigabytes. They claim one of those databases holds the name, date of birth, SSN, driver’s license information, plaintext security PIN, address and phone number of 36 million T-Mobile customers in the United States — all going back to the mid-1990s. The hacker(s) claim the purloined data also includes IMSI and IMEI data for 36 million customers. These are unique numbers embedded in customer mobile devices that identify the device and the SIM card that ties that customer’s device to a telephone number. [Reference]

A screenshot from BleepingComputer has surfaced that shows the threat actors connecting to an Oracle database server over SSH on the company’s internal data center network.


The 2018 and 2020 breaches exposed customers’ personal information, but neither included especially sensitive data like Social Security numbers, and each was believed to affect just a few million people. Reached on the app Telegram on Monday, the hacker claimed to have hacked T-Mobile for certain partners. In its statement, T-Mobile declined to address the number of customers expected to be affected until it had finished investigating. “This investigation will take some time but we are working with the highest degree of urgency,” it said. “Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.” This adds to the ever-increasing need to be proactive, because it seems the most complex data breaches arise from the smallest vulnerabilities being exploited.

Article by Kaushik Sundararajan

I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of certain ideas from a different perspective.

Published by The Art of Cyber-Space
