Posted on August 17, 2021 at 9:28 AM
T-Mobile has stated that investigations are underway into a recent data breach where hackers released sensitive user data belonging to around 100 million US customers. Some of the details exposed in the breach include customer names, addresses, dates of birth, phone numbers, social security numbers, security PINs and other personal identification details.
The breach came to light after someone took to a popular cybercrime forum and posted that they were selling data from T-Mobile belonging to 100 people. The firm later confirmed a breach in its systems, but which data was stolen and the extent of the breach remained unclear.
“We have determined that unauthorized access to some T-Mobile data occurred, however, we have not yet determined that there is any personal customer data involved,” T-Mobile stated.
Details Revealed on Twitter
Details of the intrusion were revealed on Twitter by a profile under the name @und0xxed. In response to a direct message, Und0xxed stated that they were not responsible for the hack but acted as an intermediary to find buyers who could purchase the data.
Und0xxed stated that hackers exploited a vulnerability on T-Mobile’s wireless data network and managed to gain access to a large number of customer databases with a size of more than 100 gigabytes.
The seller also stated that one of the databases contained the name, SSN, date of birth, driver license details, address and phone numbers belonging to 36 million T-Mobile users in the United States. The data dates back to the mid-1990s.
To prove that the data was legit, the seller stated that they had also obtained IMEI and IMSI details of the T-Mobile customers in the United States. IMEI and IMSI details link a user's information to their device.
“If you want to verify that I have access to the data/the data is real, just give me a T-Mobile number, and I’ll run a lookup for you and return the IMEI and IMSI of the phone currently attached to the number and any other details,” Und0xxed stated on Twitter. The seller also stated that the people affected are all customers of T-Mobile and of other telecom firms owned by T-Mobile.
The seller also stated that the prepaid user details contained less information compared to the post-paid customers. The details mostly linked to prepaid users are the IMEI, IMSI and phone numbers. Und0xxed also stated that one of the databases contained credit card numbers, but some of the card details had been hidden.
T-Mobile did not give any further details on the matter. It commented only through a blog post acknowledging that the intrusion happened and that the extent of the compromised data was not yet known.
Similar breaches in the telecommunication sector have happened in the past. In 2015, a similar breach happened at the Experian credit bureau, where social security numbers and other details belonging to 15 million users were exposed.
Telecommunication firms also face the threat of employee targeting where hackers conduct SIM swap attacks and employ other techniques that will give them control of employee accounts. Hackers use these accounts to gain backdoor access to customer details. Some hackers also liaise with company employees to access the customer details.
Hackers behind T-Mobile Intrusion
The Twitter account that detailed the hack goes by the name @und0xxed. The account recognized @IntelSecrets, a Twitter profile that belongs to a well-hidden hacker who goes by various aliases such as IRDev and V0rtex. Und0xxed also confirmed that IntelSecrets was behind the intrusion.
The aliases used by IntelSecrets show a correlation with an individual who claimed responsibility for altering the source code for the Mirai IoT botnet. He changed this source code into Satori and sent it to other individuals who used it for criminal purposes. These criminals were caught and charged, but IntelSecrets has never been caught for these attacks.
This is not the first time that T-Mobile has been hacked. The current attack is the fifth one in recent years. In January 2021, T-Mobile admitted to another data breach where hackers gained access to around 200,000 call records and other user details. In 2020, T-Mobile also acknowledged a breach of employees’ email accounts and that customer data was stolen.
In another incident, T-Mobile also stated that a million prepaid customers were affected after their personal and billing details were accessed. In 2018, T-Mobile issued an alert stating that personal details belonging to around 2 million customers would be scrapped. Nevertheless, users have been urged to remain vigilant and to take the necessary precautions to ensure the hackers do not do any further damage to their details.