Watch the full episode on YouTube: https://youtu.be/c2oBPxN85YU
2. T-Mobile: >40 Million Customers’ Data Stolen
According to an article on Threatpost, T-Mobile has confirmed
much of what a threat actor bragged about over the weekend:
Personal details for tens of millions of current, former or
prospective T-Mobile customers were stolen in a huge breach
of its servers.
On Tuesday, it disclosed further details on the data breach in
a post on its website, saying that the breach affects as many
as 7.8 million postpaid subscribers, 850,000 prepaid
customers and “just over” 40 million past or prospective
customers who’ve applied for credit with T-Mobile.
Its investigation is ongoing, but so far, it doesn’t look like
financial data, credit card information, debit or other payment
information was in the stolen files, T-Mobile said. The wireless
carrier said that it located and “immediately” closed the access
point in its servers that it believes granted access to the
attacker(s).
Forrester Analyst Allie Mellen told Threatpost on Wednesday
that this attack wasn’t exactly rocket science. “According to
the attackers, this was a configuration issue on an access
point T-Mobile used for testing,” she said via email. “The
configuration issue made this access point publicly available
on the Internet. This was not a sophisticated attack; this was
not a zero day. T-Mobile left a gate wide open for attackers –
and attackers just had to find the gate.”
At least according to what the purported thief told
cybersecurity intelligence firm Cyble, the threat actor made off
with a collection of databases that total about 106GB of data,
including T-Mobile’s Oracle customer relationship
management (CRM) database.
Compromised payment data may not have shown up in
T-Mobile’s investigation, but personal information did: As of
01:54 Wednesday morning, T-Mobile had ascertained that the
ripped-off data included customers’ first and last names, date
of birth, Social Security numbers, and driver’s license/ID
information “for a subset of current and former postpay
customers and prospective T-Mobile customers.”
The telecommunications bigwig said that it first learned late
last week about claims, posted to an underground forum, that
threat actor(s) had stolen over 100 million customer records
and were offering 30 million for sale for the surprisingly cheap
cost of 6 bitcoin (~$270,000), or about 1 cent per record.
According to preliminary analysis, about 7.8 million current
T-Mobile postpaid customer accounts’ information was in the
stolen files, plus over 40 million records of former or
prospective customers who had previously applied for credit
with T-Mobile.
Either the purported thief was lying about also getting at
phone numbers, account numbers, security PINs, and
passwords, or T-Mobile’s preliminary investigations haven’t
yet revealed proof that they were. At any rate, the company
said that none of those, nor financial information, were
compromised in any of the purloined files of customers or
prospective customers.
Over the weekend, the threat actor who was offering to sell
the records on an underground forum told BleepingComputer
and Motherboard that they’d also stolen physical addresses,
unique IMEI numbers and IMSI numbers. The attacker told
BleepingComputer that T-Mobile’s “entire IMEI history
database going back to 2004 was stolen.” IMEI (International
Mobile Equipment Identity) is a unique 15-digit code that
precisely identifies a mobile device with the SIM card input,
and an IMSI (International Mobile Subscriber Identity) is a
unique number that identifies every user of a cellular network.
No phone numbers, account numbers, PINs, passwords, or
financial information were compromised in any of the stolen
records pertaining to customers or prospective customers.
Not so for prepaid customers, though: There were, in fact,
security PINs for 850,000 prepaid customers involved,
T-Mobile said in its update: “At this time, we have also been able
to confirm approximately 850,000 active T-Mobile prepaid
customer names, phone numbers and account PINs were also
exposed.”
It’s reset all the PINs on the prepaid accounts and plans to
notify customers “right away,” the company said. No Metro by
T-Mobile, former Sprint prepaid, or Boost customers had their
names or PINs exposed.
Finally, information from inactive prepaid accounts was
compromised through prepaid billing files. There was no
customer financial information, credit card information, debit
or other payment information or Social Security numbers
contained in the inactive file.
2018: 2.3 million subscribers’ data were exposed, including
names, billing ZIP codes, phone numbers, email addresses,
account numbers and account types (prepaid or postpaid).
2019: about 1.26 million of T-Mobile’s prepaid customers were
affected by a breach that included names, billing addresses (if
provided), phone numbers, account numbers and CPNI.
2020: An undetermined number of employees and customers
were affected when attackers accessed employee email
accounts, some of which contained account information for
T-Mobile customers, including names and addresses, phone
numbers, account numbers and more.
January 2021: The wireless carrier disclosed that it detected
and shut down “malicious, unauthorized access to some
information” related to T-Mobile accounts. Specifically, that
data consisted of customer proprietary network
information (CPNI) – a data set that the FCC calls “some of the
most sensitive personal information that carriers and
providers have about their customers.”
CPNI includes records of which phone numbers users called;
the frequency, duration, and timing of such calls; and any
services purchased by the consumer, such as call waiting.
T-Mobile said that the thieves in this case lifted phone numbers,
number of lines subscribed to on accounts, “and, in some
cases, call-related information.”
August 2021: The current attack
I got really mad today. So I decided to see if I can scrape together a daily Cyber Security review. I want to take the worst offenders in terms of lack of Security that come across my desk every single day and report to you about them. I hope I can keep on top of this, but we are all busy. Let’s just see how long we can get this going. Of course, you sharing my episodes and helping spread the word gives me the motivation, so thanks for that. I see that it is reaching people, so keep sharing.
Again, there is enough information here to make 40 million people victims of phishing scams about their T-Mobile accounts. Your account was breached, click here to secure your account. Or: Here is the link to your free 2 year Credit Check service, compliments of T-Mobile Customer Service. Sheesh, 40 million sitting ducks. But hey, no financial data was stolen and T-Mobile’s services weren’t disrupted, right?
So here is where the story gets infuriating. This is the second attack in 2021 against T-Mobile and the 5th since 2018.
Listen, this is not a mid to small size company. They certainly scream from the mountain tops about their stock price being up 72% in their 2020 financial reports, their total revenues of 68.4 Billion dollars and $3.1 Billion Net Income. Hey, how about putting some of that $3.1 Billion into your Cyber Security team? They are clearly either overworked or outmanned in their daily fight. I am not picking on the T-Mobile Cyber team. I know how it goes. The budget and time are always squeezed. But enough is enough. The data that is being stolen can affect Millions of unwitting customers who can fall prey to cyber ransomware, viruses or other scams that separate them from their money or worse. Giving 2 years of Credit protection is not enough. That is only one way that these people can get scammed. What about the rest? And most importantly, what about beefing up your security team?